[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?
linuxchix at puzzling.org
Thu Nov 22 08:39:10 EST 2001
On Wed, Nov 21, 2001 at 12:27:20PM -0800, jennyw wrote:
> When you say privileges, do you mean file system privileges? Or just that it
> gives access to a lot of running processes?
It gives access to a lot of running programs *and everything they have
access to as well*. So if, for example, both sendmail and apache are
running as nobody and apache gets compromised, then the invader has
nobody access and can start fooling around with sendmail.
Maybe apache only had the simple vulnerability that let them get access,
but perhaps there are ways that they can use sendmail to manipulate the
logs, or open ports, or access files, or relay mail, that wouldn't have
occured if they hadn't been able to get at sendmail too.
Disclaimer: program names chosen for recognition, not for realism.
<mary at puzzling.org>
More information about the Techtalk