[SECURITY] [DSA 519-1] New CVS packages fix several potential security problems

2004-06-15 Thread Martin Schulze
Debian Security Advisory DSA 519-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze June 15th, 2004

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread Jan Meijer
On Tue, 15 Jun 2004, Ross Tsolakidis wrote: I'd appreciate some help on how to stop this from happening. Run something like aide so you can detect when it goes wrong (though there are some caveats it does not sound like they will hit you) and run a netflow-collector next to it, if you can.

Re: Kernel Crash Bug????

2004-06-15 Thread Rudy Gevaert
Would it be possible to run that program through e.g. perl/php/... ? A user could ftp the executable and write a php script that executes it. Thanks in advance, Rudy

Re: Kernel Crash Bug????

2004-06-15 Thread Russell Coker
On Tue, 15 Jun 2004 17:24, Rudy Gevaert [EMAIL PROTECTED] wrote: Would it be possible to run that program through e.g. perl/php/... ? A user could ftp the executable and write a php script that executes it. Does PHP allow executing arbitrary binaries? If the user can install CGI-BIN scripts then

Re: Kernel Crash Bug????

2004-06-15 Thread Rudy Gevaert
Ignore my message. I didn't read the URL given above carefully enough. It mentions what I asked.

Re: Kernel Crash Bug????

2004-06-15 Thread David Ramsden
On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: On Tue, 15 Jun 2004 17:24, Rudy Gevaert [EMAIL PROTECTED] wrote: Would it be possible to run that program through e.g. perl/php/... ? A user could ftp the executable and write a php script that executes it. Does PHP allow

Re: password managers

2004-06-15 Thread Alberto Gonzalez Iniesta
On Tue, Jun 15, 2004 at 12:46:13AM +0200, Stephan Dietl wrote: Hello! andrew lattis [EMAIL PROTECTED] wrote: what does everyone else use to keep track of all their passwords? Following an article of Martin Joey Schulze in a German magazine I send a mail with the password encrypted for

Re: may CAN-2004-041[678] affect on woody?

2004-06-15 Thread Hideki Yamane
Hi, Fri, 11 Jun 2004 20:50:12 +0900, [EMAIL PROTECTED] may CAN-2004-041[678] affect on woody? May CAN-2004-0416, CAN-2004-0417 and CAN-2004-0418 not affect on Debian woody? Or, may anyone works for merging this fix? The answer is It affects woody and now DSA 519-1 was shipped. --

securing PHP (was: Kernel Crash Bug????)

2004-06-15 Thread Rudy Gevaert
On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: Does PHP allow executing arbitrary binaries? [snip] Yes, unless in your php.ini you have something along the lines of: disable_functions =

Re: securing PHP (was: Kernel Crash Bug????)

2004-06-15 Thread Jeroen van Wolffelaar
On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote: On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: Does PHP allow executing arbitrary binaries? [snip] Yes, unless in your php.ini you have

Re: securing PHP (was: Kernel Crash Bug????)

2004-06-15 Thread David Ramsden
On Tue, Jun 15, 2004 at 11:20:35AM +0200, Jeroen van Wolffelaar wrote: On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote: On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: Does PHP allow executing

Re: securing PHP (was: Kernel Crash Bug????)

2004-06-15 Thread Hideki Yamane
Hi, Tue, 15 Jun 2004 10:35:33 +0200, Rudy Gevaert securing PHP (was: Kernel Crash Bug) Can somebody point me to some documentation about securing PHP? Not documentation but patch for php, Hardened-PHP. http://www.hardened-php.net/ -- Regards, Hideki Yamane mailto:henrich @

Re: password managers

2004-06-15 Thread Kenneth Jacker
al> what does everyone else use to keep track of all their passwords? I've used 'tkpasman' for years ... nice! http://www.xs4all.nl/~wbsoft/linux/tkpasman.html -- Prof Kenneth H Jacker [EMAIL PROTECTED] Computer Science Dept www.cs.appstate.edu/~khj Appalachian State Univ

Re: password managers

2004-06-15 Thread Micah Anderson
Try kedpm, it's a Debian package, and has console as well as GUI support and uses the FPM data, really nice. micah On Tue, 15 Jun 2004, Kenneth Jacker wrote: al> what does everyone else use to keep track of all their passwords? I've used 'tkpasman' for years ... nice!

Re: password managers

2004-06-15 Thread Kenneth Jacker
micah> Try kedpm, it's a Debian package, and has console as well as GUI support and uses the FPM data, really nice. Thanks for the suggestion! Though I found a web site for 'kedpm': http://kedpm.sourceforge.net/ the following return no Debian packages:

Re: [OT] Spam fights

2004-06-15 Thread Alain Tesio
Here is a list of junk subject patterns in case someone is interested. Alain junkMailPatterns.gz Description: Binary data

Re: Spam fights

2004-06-15 Thread Alain Tesio
Can the mailing list software add an X-Subscribed: yes/no in the mail headers? Then people decide to filter it out or not. Alain

RE: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread Ross Tsolakidis
Wipe, install, set up chkrootkit and run it often. I've already done that. There was no rootkit. How does phpnuke compromise apache if apache is set up correctly? I believe it's some of the modules available and running php with 'safe mode off'. I need to find the vulnerable code on this box.

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread David Ramsden
On Tue, Jun 15, 2004 at 02:32:21PM +1000, Ross Tsolakidis wrote: Wipe, install, set up chkrootkit and run it often. I've already done that. There was no rootkit. An alternative to chkrootkit is rkhunter - it's a set of scripts. You can find the web address on something like freshmeat.net or

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread TiM
Look at installing mod_security, http://modsecurity.org Install some rules for it to harden your webserver, see if anything is flagged in the security log. Ross Tsolakidis wrote: Wipe, install, set up chkrootkit and run it often. I've already done that. There was no rootkit. How does phpnuke

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread Alvin Oga
hi ya On Wed, 16 Jun 2004, TiM wrote: Look at installing mod_security, http://modsecurity.org Install some rules for it to harden your webserver, see if anything is flagged in the security log. other web server testing tools http://www.linux-sec.net/Web/#Testing c ya alvin

Re: password managers

2004-06-15 Thread Russell Coker
On Tue, 15 Jun 2004 18:46, Alberto Gonzalez Iniesta [EMAIL PROTECTED] wrote: Some of the applications I run use kwallet, that seems similar to what Russell Coker described for OS X. No. kwallet can be ptraced, this allows a hostile program to get access to all its data with ease. Of course

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread s. keeling
Incoming from Ross Tsolakidis: One of our webservers seems to get compromised on a daily basis. When I do a ps ax I see these processes all the time.
18687 ? S 0:00 shell
18701 ? Z 0:00 [sh defunct]
18704 ? T 0:00 ./3 200.177.162.185 1524
I vaguely
