Selva Nair wrote:
Hi all,
One of my machines running debian woody (up to date with all
security updates)
was broken into yesterday. The attacker gained a normal user access possibly by
cracking a weak password and then managed to get a root shell, install a
rootkit etc...
Looking through evidence left behind (bash_history etc..) I have
figured out that
the privilege escalation was achived using an executable that the
attacker downloaded
from the net. I have verified that this binary is indeed capable of
giving root shell to any user
and it works on two test systems I tried -- one woody and one redhat 7.2.
Could you please give the link to this binary? I run couple of debian
machines and am quite intimidated by your email. I want to cross check
what you have been proposing. If the problem is reproducible, then I
guess the security team would be happy to give us a security-update.
raju
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
