
Re: [suse-security] Backdoor over http(s)??



Mátyás Tibor wrote:

First off, there was a "backdoor" during 2003 (don't remember when) in the SSL libs, which could be used via Apache to put files in the /tmp dir... (I know this because I found such files myself)

And I have Phpnuke 6.9 (?? PHP ??)

PHPNuke is riddled with security flaws; 6.9 has had security patches for admin.php and the weblinks & downloads modules. Depends on if you patch your server or not...

Ok, somebody could use wget, but what about the .do.sh -->
how was it possible, to execute it?

/tmp is an executable directory, isn't it?!
Normally "hackers" who gain access through some backdoor need to gain access to the machine, then try to execute a lot of tests to see if any local exploits are available to see if they can get root access.

My own experience a month back told me so (an old RH 7.0 machine got hacked).

//Mattias

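The exchange above turns on whether /tmp allows execution and on what has been dropped into it. The following is an added example, not part of the original thread: it reads a mount table in /proc/mounts format, reports whether /tmp carries the noexec option, and lists hidden files such as the .do.sh mentioned. The function names and the optional scan-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example (constructed; function names are hypothetical).
# Usage on a live host:  audit_tmp /proc/mounts /tmp

# Print the options of the last mount entry for mount point $2 in file $1.
# Line format (as in /proc/mounts): device mountpoint fstype options dump pass
tmp_mount_opts() {
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Succeed if option $2 appears in the comma-separated option string $1.
has_opt() {
    case ",$1," in
        *,"$2",*) return 0 ;;
        *)        return 1 ;;
    esac
}

# List hidden regular files (dotfiles such as ".do.sh") under directory $1.
# Unreadable subdirectories are skipped silently.
hidden_files() {
    find "$1" -xdev -type f -name '.*' 2>/dev/null || true
}

# audit_tmp MOUNTS_FILE MOUNTPOINT [SCAN_DIR]
# Prints findings; returns 1 if there is anything to review, else 0.
audit_tmp() {
    rc=0
    dir=${3:-$2}
    opts=$(tmp_mount_opts "$1" "$2")
    if [ -z "$opts" ]; then
        echo "WARN: $2 is not a separate mount; it inherits its parent's options"
        rc=1
    elif ! has_opt "$opts" noexec; then
        echo "WARN: $2 is mounted without noexec ($opts)"
        rc=1
    fi
    files=$(hidden_files "$dir")
    if [ -n "$files" ]; then
        echo "REVIEW: hidden files under $dir:"
        echo "$files"
        rc=1
    fi
    return "$rc"
}
```

noexec only blocks direct execution of a file on that mount; a script can still be handed to an interpreter, so the hidden-file listing is worth reviewing either way.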