Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
  • From: GarUlbricht7@xxxxxxxxxxxx
  • Date: Sun, 30 Nov 2003 18:29:48 -0500
  • Message-id: <4498E8EC.65B69E66.16F823AE@xxxxxxxxxxxx>
"Olivier M." <qmail@xxxxxxxxxxxxx> wrote:
>On Sun, Nov 30, 2003 at 04:51:54AM -0500, GarUlbricht7@xxxxxxxxxxxx wrote:
>
>> However,Oliver,if you really think your box has been cracked because
>> of a ptrace exploit, in addition to posting to this list,
>> send a copy to:
>>
>> security@xxxxxxx
>
> Ok, I will later today.
>
>> (In fact I think they would have preferred you wrote
>> to them first, but that's your call.)
>
> I think just "writing" here is fine: it would be different
> If I had attached the exploit binary to my message...
>
> Before writing to suse, I'd like to make some more checks,
> and find another test server with suse 8.1:
> but all the other servers runs 8.2 or newer :/
>

Oliver,

I can understand your desire to run additional checks.
However, you didn't say if you have "unplugged" your
"cracked" server from the net. Hopefully you have.
If not, please do so Immediately if not sooner !!!

Also there was a nice check list furnished by
Philippe Vogel in a thread last "Sep" entitled:
"Apache Gain Remote Shell Access"
http://lists.suse.com/archive/suse-security/2003-Sep/0027.html
for checking if you think the box has been cracked.

Remember, if it truly has beencracked, some if not many of
your tools may be giving supirious info.

Hope this helps,
Gar

--

Higdon's Law: (as quoted by Bruce Marshall)
"Good judgement comes from experience."
"Experience comes from bad judgement."

--


__________________________________________________________________
McAfee VirusScan Online from the Netscape Network.
Comprehensive protection for your entire computer. Get your free trial today!
http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397

Get AOL Instant Messenger 5.1 free of charge. Download Now!
http://aim.aol.com/aimnew/Aim/register.adp?promo=380455

< Previous Next >