Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

To: Karsten Dambekalns <Karsten@k-fish.de>
Cc: debian-security@lists.debian.org
Subject: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 22 Jul 2005 00:44:47 +0200
Message-id: <[🔎] 20050721224447.GA4561@informatik.uni-bremen.de>
In-reply-to: <[🔎] 200507212017.39013.Karsten@k-fish.de>
References: <[🔎] 200507212017.39013.Karsten@k-fish.de>

In gmane.linux.debian.devel.security, you wrote:
> Now, I find it unlikely to see the same local root exploit in 2.4.18 and 
> 2.6.7. How did he gain root access?

Are you sure it's 2.6.7 and not 2.6.8, the Sarge kernel?
Anyway, there are several unfixed local privilege escalation security
issues in both 2.6.8 and 2.4.18 that are currently unfixed, several
of which have publicly available exploit code.

The interesting question about your system is what you are running on
top of your LAMP system. Did you install any web apps along side the
distribution?

Cheers,
        Moritz

Reply to:

References:
- Help needed - server hacked twice in three days (and I don't think I'm a newbie)
  - From: Karsten Dambekalns <Karsten@k-fish.de>

Prev by Date: last -t lists all entries in wtmp
Next by Date: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Previous by thread: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Next by thread: Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)
Index(es):
- Date
- Thread