[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: My machine was hacked - possibly via sshd?

s. keeling wrote:

>Incoming from David Pastern:
>  
>
>>On Tue, 2005-03-29 at 07:25 +1000, Malcolm Ferguson wrote:
>>    
>>
>>>I'm curious though about your statements telling me that everything I 
>>>have is old and that I should be using new versions.  This makes me ask: 
>>>what is the point of Debian stable?  Everything but the kernel was a 
>>>Debian stable package with all the latest security patches.
>>>      
>>>
>>Your kernel is old.  That's for starters.  2.4.30 is in rc2 now.  It
>>alone fixes some security issues.  2.4.18 is ancient, and there's most
>>    
>>
>
>But 2.4.18 is the Debian stable kernel, which gets security updates
>and patches, no?
>  
>

No, it doesn't. I really think that packages like this old kernel should
be removed from the mirrors, or at least updated with big fat warning.

Anyway, the kernel in woody are not up to date. You *have to* roll your
own kernel. At this time you should use the latest 2.4.x kernel, or
2.6.x if you need to. If you don't roll your own kernels, at least for
machines with remote access, then all local users can get root.

An up-to-date kernel would have stopped a script kiddie from rooting the
box. The damage would have been contained to the 'steve' user.

- Adam
Reply to: