Patches for samba have been available for around a month now ... take the box offline, wipe it and re-install SuSE 8.1 or 8.2 if possible. Use SuSEfirewall2 to block access to unneeded services and/or disable them. Best advice I can give I'm afraid ... mik Christian Boxhammer <box@mail.geod.uni-bonn.de> wrote: __________

Hello list,

I have found a root exploit on our Linux Server (SuSE 7.2). The machine ist running samba-2.2.0a-51. This root exploit is named sambal. It creates a new user named postgres with HOME=/var/lib/pgsql/. It can attack Linux, FreeBSD, NetBSD and OpenBSD machines. The source Code of this exploit can be found on www.netric.org.

My Problems: How dangerous is this? How can I detect, what the hacker does with our system? (HISTFILE unset by exploit) Does anyone know anything about sambal?

Thanks Christian

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here