httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jez Hancock <jez.hanc...@munk.nu>
Subject Re: [users@httpd] Strange Error log msgs
Date Fri, 06 Feb 2004 19:19:57 GMT
On Fri, Feb 06, 2004 at 12:19:27PM -0500, Adam Goldstein wrote:
> This is a dedicated user system, and the site author says nothing uses 
> 'su' , and everything is in php, no cgi.
> neither apache nor php has suexec capability.
> 
> I did a grep for "su -a" and found nothing, and obviously grep'ing for 
> just "su" would be a bit crazy.
> 
> the error has no time stamp, and no page reference.
> Is there any known exploit or vulnerability in that version of apache 
> to allow an su command to occur from an outside request?
The error would occur if someone put this in a php script:

$bleh=`su -a`;

It's not a problem with apache in short - the problem is with a
script that is being misused - either maliciously or inadvertently.

Unfortunately grepping for 'su' might not even be enough - consider 
some code like this in a php script:

$output=`$_POST["cmd"]`;

then if someone posted a form after entering 'su -a' in the 'cmd' form
field, the error you're seeing would be generated.


-- 
Jez Hancock
 - System Administrator / PHP Developer

http://munk.nu/
http://jez.hancock-family.com/  - Another FreeBSD Diary
http://ipfwstats.sf.net/        - ipfw peruser traffic logging

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message