On 12/17/2010 12:35 PM, Vladislav Kurz wrote:
> On Friday 17 of December 2010, Thorsten Göllner wrote:
>> Hi,
>>
>> I have installed Debian 5.0.7. For the last 2 days my exim4 has not
>> delivered mails. I always get the message that the mail is not
>> routable. I only used "dpkg-reconfigure exim4-config" without touching
>> one config file by hand. I detected a log message (panic log) which
>> says that there was a "too large message". Since that point exim4
>> stopped working.
>
> The last exploit of exim4 is based on too large messages causing buffer
> overflows that can lead to root privileges. (Sorry for simplification,
> full details are on exim mailing list).
>
>> The other point is that pstree reports a process "zinit" I never saw in
>> the past:
>>
>> <snip>
>>
>> But I do not have any idea what it is. And I cannot see the process
>> with "ps":
>>
>
> If pstree shows zinit and ps does not, it might mean that you are
> already rooted (owned, hacked, cracked, etc), and your ps binary was
> modified to hide the presence of a rootkit named zinit.

Good point. Try to check the md5sum of ps:

# apt-get install debsums
# debsums procps

>
>> Do I have a security issue here? Any other idea?
>
> IMHO yes, you have a security issue.
>
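An added example, not part of the original thread: a POSIX shell cross-check for the symptom discussed above (a process that shows up through /proc but not in ps output). The function names and the --live switch are made up for this sketch. It only catches a tampered ps binary, not a rootkit that also hides the entry from /proc, and on a suspect host it should be run with tools from trusted media.

```shell
#!/bin/sh
# Compare the PIDs the kernel exposes under /proc with the PIDs ps reports.
# A PID that stays in /proc but is absent from ps output suggests that ps
# is filtering its output.

# pids_missing_from PS_LIST PROC_LIST
# Prints every PID of PROC_LIST (whitespace separated) that is absent from
# PS_LIST, space separated on one line. Whole-token match, so 42 != 4242.
pids_missing_from() {
    ps_list=" $(printf '%s' "$1" | tr -s ' \n\t' ' ') "
    missing=""
    for pid in $2; do
        case "$ps_list" in
            *" $pid "*) ;;
            *) missing="$missing $pid" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# scan_live: take the /proc snapshot first, then ask ps. A process that
# exited between the two snapshots would look "hidden", so each candidate
# is reported only if its /proc entry still exists afterwards.
scan_live() {
    proc_pids=$(cd /proc && echo [0-9]*)
    ps_pids=$(ps -e -o pid=)
    for pid in $(pids_missing_from "$ps_pids" "$proc_pids"); do
        [ -d "/proc/$pid" ] || continue
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
        printf 'PID %s is in /proc but not in ps output: %s\n' "$pid" "$cmd"
    done
}

# Run against the live system only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    scan_live
fi
```

A clean result does not clear the machine; it complements the debsums check rather than replacing it.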