A number of responses were received.

In-Reply-To: <9606158374.AA837457562@mail-out.un.org>
Subject: Re: Summary on the phf web server hack.

-----------------------------------------------------------------------------
Date: Tue, 16 Jul 1996 21:58:10 -0500 (CDT)
From: "Jeffrey B. Davis" <jeff@dfw.net>
Message-Id: <Pine.SUN.3.94.960716215606.5301D-100000@dfw.dfw.net>

The best way that I know to protect this (the easiest) is to chmod 000 phf
(also, rename it to something else that would be hard to guess if you must
use it). Simple solutions. There is also another CGI program that came
standard with most servers that has a similar problem. CGI-wrapper programs
are also available to help out. Do a search.

jeff

-----------------------------------------------------------------------------
Date: Wed, 17 Jul 1996 10:23:37 +0200 (EET)
From: Sra Jason Price <pricej@bncc1.incirlik.af.mil>
Message-Id: <Pine.HPP.3.94.960717102015.25290A-100000@bncc1.incirlik.af.mil>

It doesn't mean they grabbed your passwd file. The result on ours running
Apache 1.0 (upgrading today) is

"Query Results"
"/usr/local/bin/ph -m alias=x\/bin/cat /etc/passwd"

-----------------------------------------------------------------------------
Date: Wed, 17 Jul 1996 08:46:39 -0700
From: Harold Alston <harold@dornsife.com>
Message-ID: <31ED0AD3.48C9@dornsife.com>

Thank you for summing up the "Dirty Dog" attack. I found one on our server
when reviewing the error log (the crack was unsuccessful) and tried to
explain to my boss what it was. He has allowed our development department to
use CGI scripts at will, against my wishes; your note, along with some other
info I have collected, will hopefully show him the danger of allowing
poorly/hastily written code to reside on the server.

Thanks again.
-----------------------------------------------------------------------------
--
+---------------------+--------------------------------------------------+
|  ____ ___           |-= Justin Lister         email: ruf@uow.edu.au  =-|
| |  \\ /\ __\        | Center for Computer Security Research (CCSR)     |
| | |) / \_/ / |_     | Dept. Computer Science, University of Wollongong |
| | _ \\ /| _/ |      |zenmsg: Computer Security a utopian dream.        |
| |_/ \/ \_/ |_| (tm) |-= prefix: +61-42 =-  Disclaimer: dream own risk. |
|                     |-= fax: 214329 mobile: 0412139269 voice: 835114 =-|
+---------------------+--------------------------------------------------+
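The replies above describe two things a practitioner wants to do once a phf attempt turns up: find the attempts in the server logs, and read the status and response size to judge whether the request actually got through to phf (as Jason Price notes, a hit in the log does not by itself mean the passwd file was returned). The script below is an added example, not code from the thread or from any of its authors. It scans Common Log Format access-log lines for requests to a `phf` CGI whose URL-decoded query string contains a newline, which is the injection pattern visible in the echoed `alias=x` / `/bin/cat /etc/passwd` output quoted above. The log lines are constructed for the example; the IP addresses, timestamps and the second injected command are assumptions, not taken from the thread.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (Common Log Format). These lines are made up
# for this example; they are not from the original thread. Lines 2 and 4 carry
# a phf query whose decoded form contains a newline (%0a / %0A) followed by a
# shell command, the pattern the thread describes.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Jul/1996:21:10:02 -0500] "GET /index.html HTTP/1.0" 200 1043
192.0.2.44 - - [16/Jul/1996:21:12:55 -0500] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1288
192.0.2.51 - - [16/Jul/1996:21:13:31 -0500] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 512
192.0.2.44 - - [16/Jul/1996:21:14:07 -0500] "GET /cgi-bin/phf?Qalias=x%0A/bin/ls%20-la%20/ HTTP/1.0" 404 0
"""

# One CLF line: client, ident, user, [timestamp], "METHOD target HTTP/x.y", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def is_phf_injection(target):
    """Return (flagged, decoded_query) for a request target.

    A request is flagged when the path is the phf CGI and the URL-decoded
    query string contains a CR or LF: phf's argument filtering let a newline
    through to the shell, so a newline is what separates the legitimate
    alias lookup from the injected command.
    """
    path, _, query = target.partition("?")
    if not path.endswith("/phf"):
        return False, ""
    decoded = unquote(query)  # single decode, as the CGI itself would do
    return ("\n" in decoded or "\r" in decoded), decoded


def scan_log(text):
    """Scan CLF text and return one record per flagged phf request.

    The status code and response size are kept because they are what tell
    you whether the request reached a working phf: a 404 or 403 with a
    zero-length body never ran anything.
    """
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        flagged, decoded = is_phf_injection(m.group("target"))
        if not flagged:
            continue
        # Show the injected part after the first newline on its own.
        injected = decoded.split("\n", 1)[1].strip() if "\n" in decoded else ""
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "status": int(m.group("status")),
            "size": 0 if m.group("size") == "-" else int(m.group("size")),
            "query": decoded,
            "injected": injected,
        })
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print("%s %s status=%d size=%d injected=%r"
              % (h["time"], h["ip"], h["status"], h["size"], h["injected"]))
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file's contents; the regex assumes plain Common Log Format, so a combined-format log (with referer and user-agent fields appended) needs the trailing `$` relaxed. The decode is done once, matching what the CGI would see, so a double-encoded `%250a` is deliberately not flagged.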