From: | The Hermit Hacker <scrappy(at)hub(dot)org> |
---|---|
To: | Daniele Orlandi <daniele(at)orlandi(dot)com> |
Cc: | pgsql-hackers(at)postgreSQL(dot)org, pgsql-mirrors(at)postgreSQL(dot)org |
Subject: | Re: [MIRRORS] Attempt to crack ftp site |
Date: | 1999-08-23 23:20:13 |
Message-ID: | Pine.BSF.4.10.9908232019180.80485-100000@thelab.hub.org |
Lists: | pgsql-hackers |
Hi Daniele...
I just checked the main repository, and no such file exists
there...my guess is that this is specific to your server?
On Tue, 24 Aug 1999, Daniele Orlandi wrote:
>
> Hi,
>
> I've just found very suspicious directory entries in
> ftp.postgresql.org/pub/.incoming, for sure it's an attempt to exploit some
> security hole to gain access to your machine or machines mirroring the FTP
> site. The entries seem to be here for a lot of time, but I didn't seem to see
> any reference about them on the mailing lists.
>
> There are nested directories that create a pathname with a shell code at the
> end, very suitable to overflow some stack...
>
> /ftp/pub/ftp.postgresql.org/pub/.incoming/
> /
>
> /
> /
>
> /11111.O11^'^1^=11V^=^1FF^LV^L/bin/sh
>
> Entries have been last modified (on my server) at this time:
>
> drwxr-xr-x 3 ftp ftp 1024 Jul 28 20:37
> ?????????????????????????????????????????????????????????????????????????????
> ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
>
> Please, delete the entries as soon as possible, but be careful that if the
> exploitable hole is in rm or mc (or whatever tool you intend to use to delete
> them), you could activate the exploit.
>
> A small look at the BugTRAQ archives should help you find what tool has the
> hole these entries are made to exploit.
>
> Perhaps the incoming dir should be monitored a little more.
>
> Bye!
>
> --
> Daniele
>
> -------------------------------------------------------------------------------
> Daniele Orlandi - Utility Line Italia - http://www.orlandi.com
> Via Mezzera 29/A - 20030 - Seveso (MI) - Italy
> -------------------------------------------------------------------------------
>
> ************
>
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy(at)hub(dot)org secondary: scrappy(at){freebsd|postgresql}.org
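
The quoted report describes nested directory names that are unusually long and contain non-printable bytes, and suggests monitoring the incoming directory. The following is an added example, not part of the original thread and not PostgreSQL project code: a scanner that reads entry names as raw bytes and flags such names without passing them to a shell or printing them unescaped. The thresholds and the sample tree are constructed assumptions.

```python
import os
import tempfile

MAX_NAME = 64    # assumed limit: longest plausible upload name, in bytes
MAX_PATH = 512   # assumed limit: longest plausible relative path, in bytes


def name_problems(name: bytes) -> list:
    """Return the reasons a single directory entry name looks abnormal."""
    reasons = []
    if len(name) > MAX_NAME:
        reasons.append("long-name")
    if any(b < 0x20 or b >= 0x7F for b in name):
        reasons.append("non-printable-bytes")
    return reasons


def scan(root: bytes) -> list:
    """Walk root using raw byte names; return (relative path, reasons) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            reasons = name_problems(name)
            if len(rel) > MAX_PATH:
                reasons.append("long-path")
            if reasons:
                findings.append((rel, reasons))
    return findings


def build_sample(root: bytes) -> None:
    """Constructed sample tree: one normal upload, one nested odd chain."""
    os.makedirs(os.path.join(root, b"uploads"))
    open(os.path.join(root, b"uploads", b"patch.tar.gz"), "wb").close()
    os.makedirs(os.path.join(root, b"A" * 100, b"B\x01\x0c" + b"C" * 10))


def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        root = os.fsencode(tmp)
        build_sample(root)
        return sorted(scan(root))


if __name__ == "__main__":
    for rel, reasons in demo():
        print(repr(rel), ",".join(reasons))  # repr() escapes the raw bytes
```

Run against a real incoming directory by calling `scan(os.fsencode(path))` from a scheduled job and alerting on any non-empty result.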