Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Security issue - pget file in /tmp

Discussion in 'Security' started by jols, Dec 5, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    168
    Over the past 10 days or so we keep finding this file in the /tmp directory:

    file name - pget

    file content:

    ---------------------------------------

    #!/usr/bin/perl
    use IO::Socket;
    use strict;
    use warnings;
    $ARGV[0] =~ m,http://([^/]+)/(.+),;
    my $server = $1; my $path = $2;
    my $socket = new IO::Socket::INET(Proto => 'tcp', PeerAddr => $server, PeerPort => 80) or die "Can't connect\n";
    print $socket "GET /$path HTTP/1.0\r\nHost: $server\r\n\r\n";
    my $input = <$socket>;
    die "Error, got: $input" unless $input =~ /200 OK/;
    my $start = undef;
    while ($input = <$socket>) {
    if ($start) {
    print $input;
    }
    elsif ($input =~ m/^\r\n$/) {
    $start =1;
    }
    }

    ---------------------------------------

    We have secured our tmp directories, so running this file produces this result:

    # ./pget
    # -bash: ./pget: Permission denied


    Does anyone have an idea of what this may be all about?
     
    #1 jols, Dec 5, 2006
  2. randomuser

    randomuser Well-Known Member

    Joined:
    Jun 25, 2005
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    166
    Now you can go slap|choke|punch everyone who ever wrote or told you about "securing" /tmp, leading you to believe that there is something inherently "secure" about making it noexec,nosuid,nodev etc. Can it be written to? Yes. Therefore it is not secure.

    Search the forums for:
    +hacked +tmp
    +hack +tmp

    and you will find a ton of info about how this could have happened, how files can still be executed in tmp by calling command interpreters such as perl and the like, and how to go about locating the cause of the attack.
     
    #2 randomuser, Dec 5, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - Security issue pget
  1. marcuszan

    security advisor kernel update version issue

    marcuszan, Aug 13, 2018 at 6:42 AM, in forum: General Discussion
    Replies:
    3
    Views:
    74
    cPanelLauren
    Aug 14, 2018 at 1:21 PM
  2. speckados

    Some issues about security SSL in POP3/IMAP

    speckados, May 11, 2018, in forum: Security
    Replies:
    2
    Views:
    172
    speckados
    May 11, 2018
  3. efuzone

    Email Security Issues

    efuzone, Mar 19, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    251
    cPanelMichael
    Mar 20, 2018
  4. Clixer

    Does memcached pose any security issues?

    Clixer, Mar 5, 2018, in forum: Security
    Replies:
    3
    Views:
    196
    Clixer
    Mar 6, 2018
  5. ciao70

    Security Issue letsencrypt

    ciao70, Jan 10, 2018, in forum: Security
    Replies:
    2
    Views:
    231
    ciao70
    Jan 10, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice