Ok, here is a couple other items.  This would be hacker also had a program
named "Window" but I didn't get the binary or the source for this.  He
deleted it before I had a chance.  Anyone seen this program before? 

It was fortunate that I had already installed the updates for glibc and
traceroute from the redhat errata page, but I'm still curious if he found
another way into root.  Also if anyone is interested, the is some good info
at http://www.rootshell.com

David

At 05:32 PM 3/5/98 +0000, you wrote:
>>>>>> "David" == David S Edwards <[EMAIL PROTECTED]> writes:
>  David> Well I busted somebody trying to hack my webserver that we do
>  David> hosting on.  Since I'm not an expert at decoding some of this
>  David> stuff, I thought I would post the hacks here, hoping that
>  David> somebody could shed some light on it.
>
>[...snip...]
>
>IIRC, this exploits a buffer overflow in the getXXXbYYY() code in
>[g]libc().  The Red Hat Errata provides updates for glibc and for
>traceroute that fix this.  You may want to subscribe to the BUGTRAQ
>mailing list if early warnin of this stuff is interesting to you.


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.

Reply via email to