Re: Security problem

To: King Lee <king@ultrix6.cs.csubak.edu>
Cc: debian-user@lists.debian.org
Subject: Re: Security problem
From: Nathan E Norman <finn@midco.net>
Date: Thu, 22 Oct 1998 19:14:22 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.3.96.981022191327.7632A-100000@brahe.midco.net>
In-reply-to: <[🔎] Pine.ULT.3.93.981022160818.7676A-100000@ultrix6.cs.csubak.edu>

On Thu, 22 Oct 1998, King Lee wrote:

 : Hello,
 : 
 : At our school our system administrator (who is very good) was
 : running Red Hat 5.1 and someone broke in and got root privileges.
 : Since he had written a Lan watch, we think we know how it happened.
 : 
 : The Lan Watch showed someone form Israel send a very long
 : packet to mountd.  Shortly after, two names were added to
 : the password file with user id 0.  We suspect that 
 : /etc was NFS mounted with write permission. Afterwards
 : there were logins from the two added names and rsh was changed.
 : 
 : 
 : Is Debian vulnerable?  Unfortunately, I haven't progressed
 : to the stage where I am comfortable looking at code.

This security hole, and the fix, were announced on debian-security a few
weeks ago.  I'll look for the announcement.

So yes, some systems are vulnerable, but there is a fix available.

--
Nathan Norman
MidcoNet  410 South Phillips Avenue  Sioux Falls, SD
mailto:finn@midco.net           http://www.midco.net
finger finn@home.midco.net for PGP Key: (0xA33B86E9)

Reply to:

References:
- Security problem
  - From: King Lee <king@ultrix6.cs.csubak.edu>

Prev by Date: Available packages
Next by Date: debian.midco.net mirror
Previous by thread: Security problem
Next by thread: Re: Security problem
Index(es):
- Date
- Thread