Re: Security problem
On Thu, 22 Oct 1998, King Lee wrote:
: Hello,
:
: At our school our system administrator (who is very good) was
: running Red Hat 5.1 and someone broke in and got root privileges.
: Since he had written a Lan watch, we think we know how it happened.
:
: The Lan Watch showed someone form Israel send a very long
: packet to mountd. Shortly after, two names were added to
: the password file with user id 0. We suspect that
: /etc was NFS mounted with write permission. Afterwards
: there were logins from the two added names and rsh was changed.
:
:
: Is Debian vulnerable? Unfortunately, I haven't progressed
: to the stage where I am comfortable looking at code.
This security hole, and the fix, were announced on debian-security a few
weeks ago. I'll look for the announcement.
So yes, some systems are vulnerable, but there is a fix available.
--
Nathan Norman
MidcoNet 410 South Phillips Avenue Sioux Falls, SD
mailto:finn@midco.net http://www.midco.net
finger finn@home.midco.net for PGP Key: (0xA33B86E9)
Reply to: