Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
re: [suse-security] Sambal root exploit found
  • From: "Michael Ryan" <ryanm3@xxxxxxxxxx>
  • Date: Fri, 16 May 2003 14:40:00 01100
  • Message-id: <HEZFAQ01.4SP@xxxxxxxxxxxx>

Patches for samba have been available for around a month now ... take the box offline, wipe it and re-install SuSE 8.1 or 8.2 if possible. Use SuSEfirewall2 to block access to unneeded services and/or disable them.

Best advice I can give I'm afraid ...

mik

Christian Boxhammer <box@xxxxxxxxxxxxxxxxxxxxx> wrote:
__________
>Hello list,
>
>I have found a root exploit on our Linux Server (SuSE 7.2). The machine ist
>running samba-2.2.0a-51. This root exploit is named sambal. It creates a new
>user named postgres with HOME=/var/lib/pgsql/.
>It can attack Linux, FreeBSD, NetBSD and OpenBSD machines. The source Code of
>this exploit can be found on www.netric.org.
>
>My Problems:
>How dangerous is this?
>How can I detect, what the hacker does with our system? (HISTFILE unset by
>exploit)
>Does anyone know anything about sambal?
>
>Thanks
> Christian
>
>
>
>--
>Check the headers for your unsubscription address
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>Security-related bug reports go to security@xxxxxxx, not here
>
>



< Previous Next >