On Sunday 12 December 2004 17:46, Marek Podmaka wrote: > I don't want to give hints on how to exploit this, but the attacker > did wget the .tgz file, unpacked it in /tmp and run the program. > > So update all your phpBB installations ASAP (and of course all > installations of your customers).
On a somewhat related note ... I have the habit of mount /tmp with noexec,nosuid,nodev. I also mount /usr and /boot ro. These minor changes can prevent common automated attacks (probably the one you encountered) and don't cause any problems. -- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Georgetown, Ontario, Canada Debian GNU/Linux