Re: DHCP - rootkit

To: debian-security@lists.debian.org
Subject: Re: DHCP - rootkit
From: Phillip Hofmeister <plhofmei@zionlth.org>
Date: Sat, 2 Nov 2002 14:48:11 -0500
Message-id: <[🔎] 20021102194811.GA4141@zionlth.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20021101224143.GB20618@llama.nslug.ns.ca>
References: <20021030002225.GI31030@morgul.net> <Pine.LNX.3.96.1021029170158.2988A-100000@Maggie.Linux-Consulting.com> <[🔎] 20021101224143.GB20618@llama.nslug.ns.ca>

On Fri, 01 Nov 2002 at 06:41:43PM -0400, Peter Cordes wrote:
>  MD5 is still believed to be secure.  i.e. Nobody can modify a binary so
> that it has different contents but the same MD5 hash, unless they are _very_
> _very_ lucky.  The task becomes even more difficult if you check the length
> of the file as well as the hash.
if (filename == MYHACKEDFILE) {
	cout << "WHATEVERIEXPECTTHEMD5SUMTOBE"
}
AFA file legnth go...the kernel source is available and I am sure you
could re-write that also...
-- 
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #239: IRQ-problems with the Un-Interruptable-Power-Supply

Reply to:

References:
- Re: DHCP - rootkit
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

Prev by Date: unsubscribe
Next by Date: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Previous by thread: Re: DHCP - rootkit
Next by thread: tiger reporting thousands of files with "undefined groups ownership"
Index(es):
- Date
- Thread