16 May
2003
16 May
'03
12:59
Hello list, I have found a root exploit on our Linux Server (SuSE 7.2). The machine ist running samba-2.2.0a-51. This root exploit is named sambal. It creates a new user named postgres with HOME=/var/lib/pgsql/. It can attack Linux, FreeBSD, NetBSD and OpenBSD machines. The source Code of this exploit can be found on www.netric.org. My Problems: How dangerous is this? How can I detect, what the hacker does with our system? (HISTFILE unset by exploit) Does anyone know anything about sambal? Thanks Christian