Kastus <NOSPAM@tprfct.net> wrote:
On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:
A suse 8.1 based server has been cracked, and the "visitor" left all his tools, so I've been able to play with it as well. The server was kept "up to date", but look at that:
om@box:~/tmp> uname -a Linux box 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This date looks suspicious. The kernel from k_deflt-2.4.19-340 has time stamp Mon Aug 4 23:38:42 UTC 2003
om@box:~/tmp> rpm -qa|grep k_ k_deflt-2.4.19-340
I doubt the kernel you are running belongs to this package. Did you try to verify k_deflt package? What's the output of rpm -V k_deflt ?
Also check your bootloader, what kernel is actually gets booted.
Regards, -Kastus
--
Hi Kastus and Olivier, I am running SuSE 8.1 with k-deflt-2.4.19-340 on my box. As Kastus pointed out, when I do uname -a on a Konsole, I get: [gar@box1 gar]$ uname -a Linux gandalf 2.4.19-4GB #1 Mon Aug 4 23:38:42 UTC 2003 i686 unknown [gar@gandalf gar]$ How do you have: Linux box 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown ???? However,Oliver,if you really think your box has been cracked because of a ptrace exploit, in addition to posting to this list, send a copy to: security@suse.de as I am sure Roman and his Team will want to know. See: http://www.suse.de/de/security/contact/index.html (In fact I think they would have preferred you wrote to them first, but that's your call.) Hope this helps, Gar -- In the Beginning was the Command Line ---Neal Stephenson -- __________________________________________________________________ McAfee VirusScan Online from the Netscape Network. Comprehensive protection for your entire computer. Get your free trial today! http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397 Get AOL Instant Messenger 5.1 free of charge. Download Now! http://aim.aol.com/aimnew/Aim/register.adp?promo=380455