Re: [linux-security] Re: Apparent SNMP remote-root vulnerability.
- From: Chris Evans <chris ferret lmh ox ac uk>
- To: Dan Reish <dreish izzy net>
- Cc: linux-security redhat com
- Subject: Re: [linux-security] Re: Apparent SNMP remote-root vulnerability.
- Date: Mon, 11 May 1998 16:41:34 +0100 (BST)

On Sun, 10 May 1998, Dan Reish wrote:

[re: hacked into]

Dan, firstly, if you haven't touched the compromised system much, do a
"dd" across the raw disk and grep it for log fragments. I have seen vital
erased logs recovered this way before!

> netplan (from plan-server-1.6.1-7)

Suspect, what's this?

> postmaster (from postgresql-6.2.1-7)

In the changes from 6.2.1 -> 6.3.2, "buffer overflows" are mentioned. I
haven't investigated (yet), but this would be something to look into if
you have postgresql listening on an external inet socket.
local->root is a fairly easy step compared with getting a shell from
remotely.

> xntpd from xntp3-5.91 (installed from the sources)

Suspicious. Has it ever been audited?

> sshd from sshd-1.2.22 (installed from the sources) (on ports 21-23)

Anyone know how thoroughly audited sshd is?

> uucpd (from uucp-1.06.1-14)

OpenBSD recently found a buffer overflow in this daemon. Do we share the
same problem/common source base? Another thing to look into.

Cheers
Chris
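
The "dd the raw disk and grep it for log fragments" advice in the message above, as an added example that is not part of the original message: it carves syslog-style lines out of a raw image and reports the byte offset of each one. The function names, the placeholder device and output path, the sample data, and the assumed "Mon DD HH:MM:SS host" timestamp shape are all assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message): carve syslog-style lines
# out of a raw disk image, reporting the byte offset of each fragment.
#
# Image the disk first and work only on the copy. DEVICE and the output
# path are placeholders:
#   dd if=/dev/DEVICE of=/mnt/evidence/disk.img bs=64k conv=noerror,sync

# Assumed fragment shape: classic BSD syslog, "Mon DD HH:MM:SS host ...".
MONTHS='Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec'
STAMP="($MONTHS) [ 0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [^ ]+ "

carve_syslog() {
    # $1 = raw image. Every non-printable byte becomes a newline (a 1:1
    # substitution, so offsets still match the image), then awk keeps the
    # runs of printable text that contain a syslog timestamp.
    LC_ALL=C tr -c '[:print:]\n' '\n' < "$1" |
    LC_ALL=C awk -v stamp="$STAMP" '
        { start = off; off += length($0) + 1 }
        (i = match($0, stamp)) {
            printf "%d\t%s\n", start + i - 1, substr($0, i)
        }'
}

make_sample_image() {
    # Constructed test data: zeroed "free space" around two leftover log
    # lines, the second one preceded by binary junk.
    {
        dd if=/dev/zero bs=512 count=1 2>/dev/null
        printf 'May  9 03:12:44 host1 login[412]: ROOT LOGIN ON tty1'
        dd if=/dev/zero bs=100 count=1 2>/dev/null
        printf '\377\376junk May 10 04:00:01 host1 in.telnetd[977]: connect from 192.0.2.7\n'
        dd if=/dev/zero bs=512 count=1 2>/dev/null
    } > "$1"
}

# Stand-alone use: sh carve.sh disk.img
if [ -n "${1:-}" ]; then carve_syslog "$1"; fi
```

The offsets let you go back to the surrounding blocks of the image with `dd skip=` to look for neighbouring fragments of the same deleted file.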