Blackhole
Mike Klinke
mklinke at axsi.com
Mon Apr 11 19:44:31 UTC 2005
On Monday 11 April 2005 14:36, Chris Kenward wrote:
>
> 100% Correct. What I cannot understand is how the file would have
> been transferred. Would it have been possible that the hacker
> used Apache on the box and simply uploaded the file? The mind
> boggles.
>
If you allow the users to install their own executables; *.cgi,
*.php, etc. it's possible that a security hole has been introduced.
For example, recent problems with various PHP packages allow almost
any file to be pulled from the computer
(e.g.etc/passwd, /etc/shadow) and files to be placed on the
computer's hard drive.
Regards, Mike Klinke
More information about the redhat-list
mailing list