Re: Summary on the phf web server hack.

-= IDS Moderator =- (ruf@uow.edu.au)
Fri, 19 Jul 1996 06:01:13 +1000 (EST)

A number of responses received.

        In-Reply-To: <9606158374.AA837457562@mail-out.un.org>
        Subject: Re: Summary on the phf web server hack.

-----------------------------------------------------------------------------
Date: Tue, 16 Jul 1996 21:58:10 -0500 (CDT)
From: "Jeffrey B. Davis" <jeff@dfw.net>
Message-Id: <Pine.SUN.3.94.960716215606.5301D-100000@dfw.dfw.net>

The best way that I know to protect this (the easiest) is to
chmod 000 phf
(also, rename it to something else that would be hard to guess if you must use
it).
Simple solutions. There is also another CGI program that came standard with
most servers that has a similar problem.
CGI-wrapper programs are also available to help out. Do a search.

jeff

-----------------------------------------------------------------------------
Date: Wed, 17 Jul 1996 10:23:37 +0200 (EET)
From: Sra Jason Price <pricej@bncc1.incirlik.af.mil>
Message-Id: <Pine.HPP.3.94.960717102015.25290A-100000@bncc1.incirlik.af.mil>

It doesn't mean they grabbed your passwd file.

The results on ours running Apache 1.0 (upgrading today) are
"Query Results"
"/usr/local/bin/ph -m alias=x\/bin/cat /etc/passwd"
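
As an added example (not part of this digest or of any poster's code), a small Python scan over constructed access-log lines that flags phf requests whose decoded query string carries a newline, the pattern behind the ph command line quoted above; the log lines, client addresses and timestamps are made up, and the Q-prefixed field name (Qalias) is the phf form field as I recall it.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jul/1996:09:58:12 +0200] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1433
10.0.0.7 - - [17/Jul/1996:10:01:44 +0200] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 512
10.0.0.9 - - [17/Jul/1996:10:03:02 +0200] "GET /index.html HTTP/1.0" 200 2048
10.0.0.5 - - [17/Jul/1996:10:05:30 +0200] "GET /cgi-bin/phf?Qalias=x%0A/bin/ls%20-la HTTP/1.0" 403 0
"""

# client, timestamp, method, request target, status code
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def find_phf_injections(log_text):
    """Return one record per phf request whose URL-decoded query contains a newline.

    phf handed its form fields to a shell via ph; a %0a in the query ends the
    intended ph command and the rest of the line runs as a second command,
    which is exactly what the "Query Results" line in the post shows.
    """
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue
        client, when, method, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.endswith("/phf"):
            continue
        decoded = unquote(query)
        if "\n" not in decoded and "\r" not in decoded:
            continue
        # Text after the first newline is the smuggled command line.
        injected = re.split(r"[\r\n]", decoded, maxsplit=1)[1].strip()
        hits.append({
            "client": client,
            "time": when,
            "status": int(status),
            "injected_command": injected,
            # A 2xx only means the request was served, not that the command
            # produced output; confirm against the server's own logs.
            "served_2xx": status.startswith("2"),
        })
    return hits


if __name__ == "__main__":
    for hit in find_phf_injections(SAMPLE_LOG):
        print(hit)
```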

-----------------------------------------------------------------------------
Date: Wed, 17 Jul 1996 08:46:39 -0700
From: Harold Alston <harold@dornsife.com>
Message-ID: <31ED0AD3.48C9@dornsife.com>

Thank you for summing up the "Dirty Dog" attack. I found one on our
server when reviewing the error log (the crack was unsuccessful) and
tried to explain to my boss what it was. He has allowed our development
department to use CGI scripts at will, against my wishes. Your note,
along with some other info I have collected, will hopefully show him the
danger of allowing poorly/hastily written code to reside on the server.
Thanks again.

-----------------------------------------------------------------------------
-- 
+---------------------+--------------------------------------------------+
|  ____       ___     |-= Justin Lister          email: ruf@uow.edu.au =-|
| |    \\   /\ __\    |   Center for Computer Security Research (CCSR)   |
| | |) / \_/ / |_     | Dept. Computer Science, University of Wollongong |
| |  _ \\   /| _/     |zenmsg:         Computer Security a utopian dream.|
| |_/ \/ \_/ |_| (tm) |-= prefix: +61-42 =-   Disclaimer: dream own risk.|
|                     |-= fax: 214329 mobile: 0412139269 voice: 835114 =-|
+---------------------+--------------------------------------------------+