On Wed, Jul 03, 2002 at 10:21:26AM +0200, Bastian Schmick wrote:
> Does anybody know if there are other explanations for these segfaults? Am I still vulnerable even after doing regular security updates of all packages?

The security fix we issued should plug the hole. So either you're seeing a different attack, or the patch we issued for 7.3 still has problems. In any case it would be good if you had a trace of what input the attacker was sending to your httpd. Do you?

> How can I find out if my machine has been hacked?

Now that's a good question :-) Quite often, root kits will create directories in places where you usually won't check - subdirectories in /dev, /etc or /bin, for instance (sometimes using funky names like "..." or " "). Some replace syslogd with a trojaned version, or add a line to /etc/inetd.conf. Etc etc.

Olaf
--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
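
The hiding places named in the reply above can be checked with a short scan. This is an added example, not part of the original message; the function names and the name patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: look for directories in the places the reply mentions.
# The patterns below are assumed heuristics, not a complete rootkit check.

# odd_named_dirs DIR...
# Print directories whose names are easy to overlook in "ls" output:
# three or more leading dots ("..."), ".." followed by a blank (".. "),
# or a leading/trailing blank (" "). Paths are bracketed so blanks show.
odd_named_dirs() {
    for root in "$@"; do
        [ -d "$root" ] || continue          # skip roots that do not exist
        find -H "$root" -xdev -type d \( \
                -name '...*' -o -name '.. *' \
                -o -name ' *' -o -name '* ' \) -print |
            sed 's/^/[/; s/$/]/'
    done
}

# subdirs_of DIR...
# Print every subdirectory, whatever its name. Assumption: a directory of
# binaries such as /bin holds only files and symlinks, so any hit is odd.
subdirs_of() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find -H "$root" -mindepth 1 -xdev -type d -print |
            sed 's/^/[/; s/$/]/'
    done
}

# Typical call: sh scan.sh /dev /etc /bin
if [ "$#" -gt 0 ]; then
    echo "Oddly named directories:"
    odd_named_dirs "$@"
    echo "Subdirectories of /bin:"
    subdirs_of /bin
fi
```

On a host that may already be compromised, find and sed can themselves have been replaced, so run the scan with binaries from trusted media such as a rescue system.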