On 06/06/2013 10:46 PM, William Leibzon wrote:
> Sounds like they got through some sort of security hole in apache and
> accessed the database on the server, probably as apache/www user and not
> root. Unsure from the information given if this apache backdoor would
> have had anything to do with nagios cgi or not.
>
> BTW the description of how it happened is rather interesting. I
> remember 6 or 7 years ago when I was still following security more
> closely people were talking about the possibility of this (hacking
> with only in-memory application replacement) on a certain forum that
> shall remain unnamed. I have never seen or heard of this being done at
> any company I consult for though.
>
It's not particularly difficult. All exploits work by modifying
executable code in memory to make a program do what they want. If one
can get root access that way, it's possible to freeze a process and
replace it entirely.

-- 
Andreas Ericsson                   andreas.erics...@op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users