[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0412260136480.19756-100000@bugsbunny.castlecops.com>
Date: Sun, 26 Dec 2004 01:39:14 -0500 (EST)
From: Paul Laudanski <zx@...tlecops.com>
To: Raistlin <raistlin@...co.net>
Cc: Juergen Schmidt <ju@...sec.de>, bugtraq@...urityfocus.com,
full-disclosure@...ts.netsys.com
Subject: Re: Re: New Santy-Worm attacks *all* PHP-skripts
On Sat, 25 Dec 2004, Raistlin wrote:
> Juergen Schmidt wrote:
> > Hello,
> >
> > the new santy version not only attacks phpBB.
>
> How would these two worms react to classical hardening tips such as PHP
> Safe mode and noexec /tmp ?
For this particular strain it would certainly help, but that is why there
exists new variations. Certainly doing it to /tmp, /usr/tmp, /var/tmp
could help, but it isn't 100% foolproof, and some don't even consider it
security. Another measure one might use is chmod 700 (or 400 depending on
your needs) wget.
Then again, you can always disable the functions in php.ini for exec and
system for instance to help stave off other similar attacks.
--
Regards,
Paul Laudanski - Computer Cops, LLC. CEO & Founder
CastleCops(SM) - http://castlecops.com
Promoting education and health in online security and privacy.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists