
Security problem


At our school our system administrator (who is very good) was
running Red Hat 5.1 and someone broke in and got root privileges.
Since he had written a Lan watch, we think we know how it happened.

The Lan Watch showed someone from Israel sending a very long
packet to mountd.  Shortly after, two names were added to
the password file with user id 0.  We suspect that 
/etc was NFS mounted with write permission. Afterwards
there were logins from the two added names and rsh was changed.

Is Debian vulnerable?  Unfortunately, I haven't progressed
to the stage where I am comfortable looking at code.

