[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Backdoor over http(s)??
Am Die, den 13.01.2004 schrieb Mátyás Tibor um 17:33:
> I have got in /cgi-bin/ directory:
> -neomail (1.26)
> -openwebmail (2.30)
> -SuSE things
> but nothing else.
> And I have Phpnuke 6.9 (?? PHP ??)
Did you check PHPNuke? I wouldn't trust this piece of software further
than I can throw my Gateway bigtower case ;-)
PostNuke and PHPNuke are known to be notoriously weak when it comes to
> Ok, somebody could use wget, but what about the .do.sh -->
> how was it possible, to execute it?
Without knowing anything else I'd suspect PHPNuke to be the open door.
It may contain a bug that allows to pass executable content as a
parameter. This has been the case in the past very often as the
developers of those two projects don't seem to be too concerned about
evaluating the parameters at runtime.
Have a look at this:
I really wouldn't use PostNuke or PHPNuke as there never has been any
code audit seemingly since new weaknesses based on poor programming are
just my 0.02 euro ;-)
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here