Mailinglist Archive: opensuse-security (320 mails)

perl script drop
  • From: "Gerhard Stegmann" <gerhard.stegmann@xxxxxxxxxxx>
  • Date: Mon, 12 May 2003 13:12:22 +0200
  • Message-id: <72228D27AC22C04D9A39FD52B3E94FFB2B821B@xxxxxxxxxxxxxxxxxxxxxxxxxx>
hi there
i have 2.4.20 with apache 1.3.26 and mod_php 4.2.2

somehow it was possible for a guy to drop a file /tmp/.ps on the machine, and to start perl on that file

#>ps ax

1234 perl /tmp/.ps

the file was created under wwwrun.www ownership, which tells me that apache created it.
the script just listens for incoming connections on p 4098, and opens a shell if the correct password is entered.

is this issue known to someone here?

thanks,
gerhard

the script :

---------------------------------->8--------------

<<.ps>>

~~~~~~~~~~~~~~~~~~~~~~
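
A triage check for the pattern reported in the message above, added here as an example and not part of the original post: it flags interpreter processes owned by the web server account whose script sits in a world-writable temp directory. The function names, the directory list and the sample `ps` lines are assumptions; `wwwrun` and `/tmp/.ps` are taken from the message.

```shell
#!/bin/sh
# flag_tmp_interpreters [web_user]   (hypothetical helper, default user: wwwrun)
# stdin : output of `ps -eo user,pid,args` (header line allowed)
# stdout: "<pid> <user> <script-path> <reason>" for each suspicious process
flag_tmp_interpreters() {
    web_user="${1:-wwwrun}"
    awk -v web_user="$web_user" '
    NR == 1 && $1 == "USER" { next }              # skip the ps header
    $1 == web_user {
        n = split($3, parts, "/"); exe = parts[n] # basename of the executable
        if (exe !~ /^(perl|python|sh|bash|php|ruby)[0-9.]*$/) next
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^-/) continue               # interpreter option, keep looking
            # first non-option argument is treated as the script path
            if ($i ~ /^\/(tmp|var\/tmp|dev\/shm)\//) {
                m = split($i, p, "/")
                reason = (p[m] ~ /^\./) ? "hidden-file" : "tmp-script"
                print $2, $1, $i, reason
            }
            break
        }
    }'
}

# Constructed sample input, modelled on the process list in the message.
sample_ps() {
cat <<'EOF'
USER       PID COMMAND
root         1 init [3]
wwwrun    1187 /usr/sbin/httpd -f /etc/httpd/httpd.conf
wwwrun    1234 perl /tmp/.ps
wwwrun    1301 /usr/bin/perl -w /var/tmp/stats.pl
gerhard   1402 perl /tmp/report.pl
EOF
}

sample_ps | flag_tmp_interpreters wwwrun
```

On a live host, pipe `ps -eo user,pid,args` into the function instead of the sample; a hit is a lead to check against the listening sockets and the file's owner and timestamps, not a verdict by itself.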
