[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Hacker Goes On Defacement Spree In Australi a

Subject: RE: [cobalt-security] Hacker Goes On Defacement Spree In Australi a
From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
Date: Fri, 7 Sep 2001 12:55:41 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Nick Drage wrote:

> One, do be very wary of cgi scripts.... but I expect you've 
> worked that out for yourself by now.

One very useful trick to stop those naughty CGI 'exploits':

chmod 0700 /usr/sbin/inetd

stops anyone but root running inetd, thus prevents the easiest way of
getting root in the known universe. If any user can run inetd, then (say)
the webserver user can bind a shell to any non-privileged port and then they
have local access - without logging.

Once you're local, getting root is a whole lot easier...

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC

Prev by Date: RE: [cobalt-security] Hacker Goes On Defacement Spree In Australi a
Next by Date: [cobalt-security] TCP & UDP Ports
Previous by thread: RE: [cobalt-security] Hacker Goes On Defacement Spree In Australi a
Next by thread: [cobalt-security] TCP & UDP Ports

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index