Security Breach ?
Leonard Isham
leonard.isham at gmail.com
Thu Mar 3 12:15:31 UTC 2005
On Thu, 3 Mar 2005 00:11:26 -0500, Chris Strzelczyk
<cstrzelczyk at nobletechnology.net> wrote:
>
> On Mar 3, 2005, at 12:11 AM, Thomas Cameron wrote:
>
> >
> > <snip>
> >
> > Look in /var/tmp - anything there called aVe or uselib24 or bots.txt?
> > Also, look in your /var/log/httpd area for anything weird in access_log
> > or error_log.
>
> Yes, I did have a couple of PERL programs in /var/tmp. One was called
> https and it is attached.
> As far as I understand this vulnerability it is limited to the user
> Apache is run by correct?
>
The key question is "As far as I understand this vulnerability it is
limited to the user Apache is run by correct?"
The answer is you don't know how far they went.
Once you have local access then you can use a second exploit to get
root access, or attack another system using the owned system. If the
user apache was not configured properly then they may have been able
to steal the shadow file and crack your passwords.
Please do everyone a favor, if you have not already done this. Pull
the plug, yes I mean this and I mean right now. Don't power it back
up until you have the CD's to reload it, without a network connection.
You have seen the rest in other posts.
May be it will help if you understand that CISSP is Certified
Information Systems Security Professional and requires a minimum of 2
years experience and passing a 6 hour exam. In other words I'm not
just making this up.
--
Leonard Isham, CISSP
Ostendo non ostento.
More information about the fedora-list
mailing list