Security Breach ?

Thomas Cameron thomas.cameron at camerontech.com
Thu Mar 3 06:38:06 UTC 2005


>> Look in /var/tmp - anything there called aVe or uselib24 or bots.txt?
>> Also, look in your /var/log/httpd area for anything weird in access_log
>> or error_log.
>
> Yes, I did have a couple of PERL programs in /var/tmp.  One was called
> https and it is attached.
> As far as I understand this vulnerability, it is limited to the user
> Apache is run by, correct?

Well, sort of.  Once someone has put something on your system that you
didn't give them permission to, it's their box.  Period.  So even though
they might have uploaded something as a non-privileged user, it's not too
far to them rooting your system.

Back up your data, rebuild, and restore data.  It sucks, but it's really
the best idea.

Thomas




More information about the fedora-list mailing list