On Wed, Aug 24, 2005 at 06:14:59PM +0800, Aldous Penaranda wrote:
> On Wed, 24 Aug 2005 12:07:00 +0200, Petter Reinholdtsen wrote:
>
> > Are there known security holes in sshd in oldstable (woody)?
>
> A quick bug search gave me this:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196413
>
> It's tagged security and wontfix for woody.
>
> Maybe the cracker used this to find valid users and used bruteforce to
> guess a password to get in?

I haven't seen any rootkit toolkit add this into its arsenal (yet) so I would vote that the first server was cracked through a ssh bruteforce attack, got local access and then rooted the box through a kernel hole. That's the most common scenario from my experience, SSH scanning is all too common these days.

Regards

Javier