nagios backdoor
Andreas Ericsson
ae at op5.se
Wed Jun 12 18:50:55 CEST 2013
On 06/06/2013 10:46 PM, William Leibzon wrote:
> Sounds like they got through some sort of security hole in apache and
> accessed the database on the server, probably as apache/www user and not
> root. Unsure from the information given if this apache backdoor would
> have had anything to do with nagios cgi or not.
>
> BTW the description of how it happened is rather interesting. I
> remember 6 or 7 years ago, when I was still following security more
> closely, people were talking about the possibility of this (hacking
> with only in-memory application replacement) on a certain forum that
> shall remain unnamed. I have never seen or heard of this being done at
> any company I consult for though.
>
It's not particularly difficult. All exploits work by modifying
executable code in memory to make a program do what they want. If one
can get root access that way, it's possible to freeze a process and
replace it entirely.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users