
Re: root compromise on debian woody



On Thu, 26 May 2005, Selva Nair wrote:

> On 5/26/05, Joey Hess <joeyh@debian.org> wrote:
> > Selva Nair wrote:
> 
> > > I have taken the system off the net and am in the process of
> > > re-installing but the existence
> > > of such an easy to use and effective  privilege escalation kit is
> > > quite disturbing. As I have only access to the binary left behind by
> > > the attacker I'm pretty clueless as to how the exploit works.
> > > Although pretty well familiar with Linux and have been running servers
> > > for several years,
> > > this is the first time facing a root exploit, so I'm rather clueless
> > > as to what to do.
> > >
> > > Any advice would be highly appreciated.

the problem is not the existence of a program that allows anybody
to become root, but, the real problem is preventing "any arbitrary person
or program" from gaining access to the machine
	- allow only certain ip# to log into your servers
	and everybody should not have an acct on those servers

> > CAN-2005-1263 [Linux kernel ELF core dump privilege escalation]
> >         - kernel-source-2.6.11 2.6.11 2.6.11-4
> >         - kernel-source-2.6.8 2.6.8-16
> >         - kernel-source-2.4.27 2.4.27-10

always use the latest kernel ... from kernel.org ...

and similarly with other important binaries from their
respective originating site
	mta, apache, kernel, glib, make/gcc, bash, endless list

and watch out for the new dog that will bite because it's
the newest and latest sources ( with unknown bugs ) vs the "old dog"
( older versions with known exploits ) 

roll the dice ... old bugs ... or new bugs .. snake eyes

c ya
alvin


