On Fri, 25 Feb 2005, Jonathan Hutchins wrote:
Um, yes. I believe that's implied in my earlier query. In particular, there is the kernel update, and I will be looking for further ways to tighten CGI security, as well as looking for other clues.
If you were running a version of awstats that was older than a couple of weeks, update it. It allows command execution via port 80 as your apache owner. Also, versions of the Linux kernel older than 2.4.29 and 2.6.something had a bug that allowed a local root exploit. Put these two together, and you've got yourself a remote root exploit.
That's an educated guess, at least. Remote logging is my personal new security enhancement.
Regards,
-Don