On Thu, Nov 16, 2006 at 08:25:00PM +0000, Dave Ewart wrote:
to which the machine is put. Kernel bugs are normally only exploitable by local users; SSL bugs are most likely to be exploitable remotely. If
Only partly true, I think. If you have a server application like apache, which has a bug giving you a shell, you can then use the local exploit to become root. So you should think a little ahead, that’s safer. ;-)
IIRC the hacking of a Debian server happened in a similiar way. Someone got a compromised SSH key, logged in as this user and used a local exploit.
Shade and sweet water!
Stephan
--
| Stephan Seitz E-Mail: [EMAIL PROTECTED] |
| PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html |
signature.asc
Description: Digital signature
