|
Search tenon.com
Thanks to:
|
|
WebTen
Re: Apache Vulnerability in WebTen
On Monday 24 June 2002 04:25 pm, you wrote:
> It's not a matter of whether or not WebTen has certain "commands"
> available. It would be certainly possible for a hacker to "install"
> certain commands on a victimized system in the /tmp directory (to which
> all users have access), and run them. Since any installed command could
> only be run by user nobody, damage would be limited.
hehe, not likely, unless you mean some perl scripts, see, binaries for unix
wont run on just any old unix machine, they have to be compiled for that
particular distro - and last I checked, webten had no such app as GCC
installed with it to compile apps. a Mac will not let you run apps from just
anywhere, it has no concept of root. installing a program on a mac would
require the installation of an applescript which would then know to install
what where.
Given the enormity of the net, I just can't see a script kiddie bothering with
this.
by commands, i mean something such as "ping -f 000.00.00.000 " which would
then begin a DoS attack on a remote machine - since ping is not installed on
a webten box, and since there is no way to compile a source file, there is no
way the machine could be used for that- as an example.
--
Robert Brandtjen
--------------------------------------
Web Site Creation and Hosting Services
Hostmaster@xxxxxxxxxxxxxxxxxxx
www.prometheusmedia.com
|
| Tenon Home |
Products |
Order |
Contact Us |
About Tenon |
Register |
Tech Support |
Resources |
Press Room |
Mailing Lists |
|
Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara,
CA 93101. All rights reserved.
Questions about our website - Contact:
webmaster@tenon.com.
|
|
