Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
  • From: GarUlbricht7@xxxxxxxxxxxx
  • Date: Sun, 30 Nov 2003 04:51:54 -0500
  • Message-id: <64472387.5C70D465.16F823AE@xxxxxxxxxxxx>
Kastus <NOSPAM@xxxxxxxxxx> wrote:

>On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:
>> A suse 8.1 based server has been cracked, and the "visitor" left
>> all his tools, so I've been able to play with it as well.
>> The server was kept "up to date", but look at that:
>> om@box:~/tmp> uname -a
>> Linux box 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> This date looks suspicious.
> The kernel from k_deflt-2.4.19-340 has time stamp Mon Aug 4 23:38:42 UTC 2003
>> om@box:~/tmp> rpm -qa|grep k_
>> k_deflt-2.4.19-340
> I doubt the kernel you are running belongs to this package.
> Did you try to verify k_deflt package? What's the output of
> rpm -V k_deflt ?
>Also check your bootloader, what kernel is actually gets booted.
>Regards, -Kastus

Hi Kastus and Olivier,

I am running SuSE 8.1 with k-deflt-2.4.19-340 on my box.
As Kastus pointed out, when I do uname -a on a Konsole, I get:

[gar@box1 gar]$ uname -a
Linux gandalf 2.4.19-4GB #1 Mon Aug 4 23:38:42 UTC 2003 i686 unknown
[gar@gandalf gar]$

How do you have:
Linux box 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown ????

However,Oliver,if you really think your box has been cracked because
of a ptrace exploit, in addition to posting to this list,
send a copy to:


as I am sure Roman and his Team will want to know.

(In fact I think they would have preferred you wrote
to them first, but that's your call.)

Hope this helps,

In the Beginning was the Command Line
---Neal Stephenson


McAfee VirusScan Online from the Netscape Network.
Comprehensive protection for your entire computer. Get your free trial today!

Get AOL Instant Messenger 5.1 free of charge. Download Now!

< Previous Next >
Follow Ups