Security problem

To: debian-user@lists.debian.org
Subject: Security problem
From: King Lee <king@ultrix6.cs.csubak.edu>
Date: Thu, 22 Oct 1998 16:09:18 -0700 (PDT)
Message-id: <[🔎] Pine.ULT.3.93.981022160818.7676A-100000@ultrix6.cs.csubak.edu>

Hello,

At our school our system administrator (who is very good) was
running Red Hat 5.1 and someone broke in and got root privileges.
Since he had written a Lan watch, we think we know how it happened.

The Lan Watch showed someone form Israel send a very long
packet to mountd.  Shortly after, two names were added to
the password file with user id 0.  We suspect that 
/etc was NFS mounted with write permission. Afterwards
there were logins from the two added names and rsh was changed.


Is Debian vulnerable?  Unfortunately, I haven't progressed
to the stage where I am comfortable looking at code.

King

Reply to:

Follow-Ups:
- Re: Security problem
  - From: Nathan E Norman <finn@midco.net>
- Re: Security problem
  - From: "M.C. Vernon" <mcv21@cus.cam.ac.uk>

Prev by Date: Root Change Password
Next by Date: Re: Backspace in xterm (again) [FIXED]
Previous by thread: Root Change Password
Next by thread: Re: Security problem
Index(es):
- Date
- Thread