Re: Security problem

To: King Lee <king@ultrix6.cs.csubak.edu>
Cc: debian-user@lists.debian.org
Subject: Re: Security problem
From: "M.C. Vernon" <mcv21@cus.cam.ac.uk>
Date: Fri, 23 Oct 1998 08:31:31 +0100 (BST)
Message-id: <[🔎] Pine.SOL.3.96.981023083054.16459D-100000@ursa.cus.cam.ac.uk>
Reply-to: matthew@sel.cam.ac.uk
In-reply-to: <[🔎] Pine.ULT.3.93.981022160818.7676A-100000@ultrix6.cs.csubak.edu>

> At our school our system administrator (who is very good) was
> running Red Hat 5.1 and someone broke in and got root privileges.
> Since he had written a Lan watch, we think we know how it happened.
> 
> The Lan Watch showed someone form Israel send a very long
> packet to mountd.  Shortly after, two names were added to
> the password file with user id 0.  We suspect that 
> /etc was NFS mounted with write permission. Afterwards
> there were logins from the two added names and rsh was changed.

mounting anything NFS with write permission is just plain stupid.

Matthew

-- 
Elen sila lumenn' omentielvo

Steward of the Cambridge Tolkien Society
Selwyn College Computer Support
http://www.geocities.com/Area51/Chamber/8841/
http://www.cam.ac.uk/CambUniv/Societies/tolkien/
http://pick.sel.cam.ac.uk/

Reply to:

Follow-Ups:
- Re: Security problem
  - From: King Lee <king@ultrix6.cs.csubak.edu>

References:
- Security problem
  - From: King Lee <king@ultrix6.cs.csubak.edu>

Prev by Date: Re: Printer stops after half of page
Next by Date: enscript problem
Previous by thread: Re: Security problem
Next by thread: Re: Security problem
Index(es):
- Date
- Thread