On Sat, Apr 02, 2005 at 09:12:55PM +0200, Frederik Dannemare wrote:
>
> No need to wait for being "allowed" in. There's been plenty of remote
> vuln. in many popular services the last couple of years. Many have
> likely found their way in to the system through one of those, and then
> further been able to get root via some local kernel vuln.

You misunderstood me, I didn't say that people might have Internet-facing boxes with _no_ security updates. I said that a woody system installed with boot-floppies and with _no_ kernel updates whatsoever (but with proper security updates for other services) is not necessarily easily rooted on the Internet. Believe me, I've had some of those in the past and I'm pretty sure there are people still running those. And I didn't say those people were running "popular" services either.

Please bear in mind that the default woody installation left a few open services by default, IIRC these included exim (see #170451, fixed for sarge), ssh, portmap, rpc.statd and some of inetd's "small" servers (discard, daytime and time, see #81118, #261906 and #237535, also fixed for sarge). Better than the potato (and previous releases) default installations (which included telnetd and rpc.mountd too).

There have been some remote exploits against both exim and ssh in the past. But if a woody system is kept up to date with security.debian.org it should be not _that_ easy to break into even if the kernel is vulnerable.

If you want to prove me otherwise I can set up a fully patched default installation of woody but with a vulnerable kernel in a production honeypot environment and provide you with its IP address.

Regards

Javier