Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
  • From: Kastus <NOSPAM@xxxxxxxxxx>
  • Date: Sat, 29 Nov 2003 17:00:30 -0800
  • Message-id: <20031130010030.GA3833@xxxxxxxxxx>
On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:
>
> A suse 8.1 based server has been cracked, and the "visitor" left
> all his tools, so I've been able to play with it as well.
> The server was kept "up to date", but look at that:
>
> om@box:~/tmp> uname -a
> Linux box 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This date looks suspicious.
The kernel from k_deflt-2.4.19-340 has time stamp Mon Aug 4 23:38:42 UTC 2003

> om@box:~/tmp> rpm -qa|grep k_
> k_deflt-2.4.19-340

I doubt the kernel you are running belongs to this package.
Did you try to verify k_deflt package? What's the output of
rpm -V k_deflt ?

Also check your bootloader, what kernel is actually gets booted.

Regards, -Kastus

< Previous Next >
Follow Ups
References