"Olivier M." <qmail@orion.8304.ch> wrote:

On Sun, Nov 30, 2003 at 04:51:54AM -0500, GarUlbricht7@netscape.net wrote:

...

However,Oliver,if you really think your box has been cracked because of a ptrace exploit, in addition to posting to this list, send a copy to:

security@suse.de

Ok, I will later today.

...

(In fact I think they would have preferred you wrote to them first, but that's your call.)

I think just "writing" here is fine: it would be different If I had attached the exploit binary to my message...

Before writing to suse, I'd like to make some more checks, and find another test server with suse 8.1: but all the other servers runs 8.2 or newer :/

Oliver, I can understand your desire to run additional checks. However, you didn't say if you have "unplugged" your "cracked" server from the net. Hopefully you have. If not, please do so Immediately if not sooner !!! Also there was a nice check list furnished by Philippe Vogel in a thread last "Sep" entitled: "Apache Gain Remote Shell Access" http://lists.suse.com/archive/suse-security/2003-Sep/0027.html for checking if you think the box has been cracked. Remember, if it truly has beencracked, some if not many of your tools may be giving supirious info. Hope this helps, Gar -- Higdon's Law: (as quoted by Bruce Marshall) "Good judgement comes from experience." "Experience comes from bad judgement." -- __________________________________________________________________ McAfee VirusScan Online from the Netscape Network. Comprehensive protection for your entire computer. Get your free trial today! http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397 Get AOL Instant Messenger 5.1 free of charge. Download Now! http://aim.aol.com/aimnew/Aim/register.adp?promo=380455