[CentOS] Exploit 'in the wild' for Trixbox

Nigel Kendrick support-lists at petdoctors.co.uk
Sun Jul 20 16:13:15 UTC 2008

Just in case anyone else needs to know - there's an exploit 'in the wild'
for Trixbox (which is CentOS based) that allows malicious code to be
installed on a server. I discovered that one of my Trixbox servers was
running 3 instances of a perl-based IRC botnet process called httpdse and
this was pegging the CPU at 100%.

Notes, comments, removal instructions, patches etc. here:


Guess that teaches me not to open the Trixbox Web interface to the world.


Nigel Kendrick

More information about the CentOS mailing list