Security Breach ?

Jeff Vian jvian10 at charter.net
Thu Mar 3 13:45:46 UTC 2005


On Wed, 2005-03-02 at 18:12 -0500, Chris Strzelczyk wrote:
> Alright, well now it's certain I have a friend on my system.  I have
> found this file named "https" on my system in /tmp
>
> I'm not as PERL savvy as I want to be but it does open IRC on the
> server.  The file is owned by apache:apache.  So it looks like my
> friend is using Apache as a tool.  Would anybody have a clue on how
> he could get this in tmp and then run it?
> The file was not set executable either.
> 

A perl script does not have to be executable to run.
Perl can run the contents simply by reading it, without having execute
permissions.

The same thing applies to shell scripts, python scripts, etc.

> 
> #!/usr/bin/perl


As others have already said, that box is now "owned" and the only
certain way to wipe out the intrusion is to do a bare bones reinstall.
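
The point about execute permissions, as an added example that is not part of the original message: a mode-0644 script is refused when invoked directly but runs when handed to its interpreter, so a sweep of a world-writable directory should key on the `#!` line and the owner rather than on the execute bit. The function names are hypothetical and the sample file is constructed; `sh` stands in for perl so the demo runs on any system.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# Constructed demo: a mode-0644 script is refused by direct exec but still
# runs when passed to its interpreter. Returns 0 when both hold.
noexec_still_runs() {
    t=$(mktemp -d) || return 2
    printf '#!/bin/sh\necho ran\n' > "$t/sample"
    chmod 644 "$t/sample"
    direct=ok
    "$t/sample" >/dev/null 2>&1 || direct=denied   # kernel refuses: no x bit
    via=$(sh "$t/sample" 2>/dev/null) || via=      # interpreter only reads it
    rm -rf "$t"
    [ "$direct" = denied ] && [ "$via" = ran ]
}

# find_scripts DIR
# Print "MODE OWNER PATH" for every regular file under DIR whose first two
# bytes are "#!", whatever its permission bits are.
find_scripts() {
    dir=$1
    find "$dir" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        # Only the first two bytes are read; unreadable files are skipped.
        magic=$(head -c 2 "$f" 2>/dev/null) || continue
        [ "$magic" = '#!' ] || continue
        meta=$(ls -ld "$f" | awk '{print $1, $3}')
        printf '%s %s\n' "$meta" "$f"
    done
}

# Typical use on a live system:
#   find_scripts /tmp
#   find_scripts /var/tmp
```

Hits owned by the web server account, as with the apache:apache file described above, are the ones to look at first.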




