Re: [d-security] Debian Stable server hacked

To: Thijs Welman <thijs@balpol.tudelft.nl>
Cc: debian-security@lists.debian.org
Subject: Re: [d-security] Debian Stable server hacked
From: Christian Hammers <ch@westend.com>
Date: Wed, 6 Aug 2003 16:44:23 +0200
Message-id: <[🔎] 20030806144423.GF22730@westend.com>
Mail-followup-to: Christian Hammers <ch@westend.com>, Thijs Welman <thijs@balpol.tudelft.nl>, debian-security@lists.debian.org
In-reply-to: <[🔎] 3F310A43.9060101@balpol.tudelft.nl>
References: <[🔎] 3F310A43.9060101@balpol.tudelft.nl>

Hello

On Wed, Aug 06, 2003 at 04:01:39PM +0200, Thijs Welman wrote:
> I'm puzzled about how they managed to get those processes running (as
> root). There are no local accounts, other than some accounts for the
> sysadmins. Does anyone have any idea how they might have done this? 
Most times, servers are not cracked by somebody "logging in" and get
root permissions somehow but by somebody who convinces a running network
daemon like a web, database or mail server via means of buffer overflows
etc to execute arbitrary code instructions. This code will then e.g.
write a shell script and executes it or spanws a shell. You will never
see an atacker in your "last" log :-)

Try "nmap" to see which services are reachable from the network.

bye,

-christian-

Reply to:

References:
- Debian Stable server hacked
  - From: Thijs Welman <thijs@balpol.tudelft.nl>

Prev by Date: Debian Stable server hacked
Next by Date: Re: Debian Stable server hacked
Previous by thread: Debian Stable server hacked
Next by thread: Re: Debian Stable server hacked
Index(es):
- Date
- Thread