1. fosiul0132,475
2. Blaz32,066
3. KeremE27,463
4. noci20,606
5. omarfarid15,452
6. DaveHowe13,650
7. Tintin10,750
8. woolmilkp...10,725
9. uetian170710,415
10. oklit10,100
11. ahoffmann9,500
12. small_stu...9,394
13. giltjr8,500
14. fmarzocca8,000
15. it4soho6,775
16. rsivanandan6,500
16. rcflyr6,500
16. MiLLeNNiuM6,500
19. ai_ja_nai6,300
20. WizRd-Li...6,275
21. gheist5,825
22. jools5,800
23. _jesper_5,600
24. mwecom...5,575
25. Redimido5,500

1. ahoffmann200,276
2. ravenpl110,775
3. jlevie95,810
4. Blaz74,071
5. Redimido71,848
6. noci67,844
7. kblack0565,801
8. omarfarid48,131
9. fosiul0147,936
10. shakoush...47,887
11. KeremE39,963
12. Nopius36,400
13. Tintin35,905
14. xDamox32,605
15. wesly_c...31,085
16. decoleur29,587
17. XoF28,530
18. Mysidia25,470
19. DaveHowe25,014
20. slyong21,932
21. pjedmond21,733
22. giltjr19,930
23. chris_cal...19,816
24. uetian170717,515
25. rindi16,950

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

07/26/2003 at 01:13AM PDT, ID: 20691048

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.4

How do I stop this apache exploit?

Asked by vancetech in Linux Network Security

Tags: apache, exploit

I noticed two processes running by apache this evening:
apache 32744 0.0 0.0 1364 272 ? S Jul25 0:00 ./ptrace
apache 32767 98.6 0.0 1348 288 ? R Jul25 378:36 ./localroot

and found the files in the /tmp directory:

/tmp
-rw-r--r-- 1 apache apache 1828 Mar 26 12:03 bd.c
-rwxr-xr-x 1 apache apache 16400 Jul 25 18:01 logs
-rwxr-xr-x 1 apache apache 17804 Apr 8 09:29 ptrace
-rwxr-xr-x 1 apache apache 19913 Jul 26 00:33 localroot

Then I checked the apache log file and found this:

--18:01:17-- http://www.myxpls.hpg.com.br/exploit/locais/bd.c
=> `bd.c'
Resolving www.myxpls.hpg.com.br... done.
Connecting to www.myxpls.hpg.com.br[200.226.137.9]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,828 [text/plain]

0K . 100% 1.74 MB/s

18:01:17 (1.74 MB/s) - `bd.c' saved [1828/1828]

bd.c: In function `main':
bd.c:77: warning: comparison between pointer and integer

----------------------

So my question is, what am I doing wrong that I allowed this user gain access? I am almost completly up2date on my Redhat 7.2 linux box ( have to update the kernel they just released ) so I was under the impression that I am hacker "resistant".

Should I be taking more security steps than just making sure my rpms are up2date like compiling the latest code from source? I thought RPMs had the latest security flaws in them fixed? I must be missing something.

Thank you for you help :(