Re: Security problem
My message was not clear.
We did not mount /etc writable. The hacker sent a a long packet
which we think overflowed buffer and caused /etc to be mounted
writable.
The bug is real, and Debian has a fix. See security
lists in Debian. If you are running Debian 2.0
you might have a security hole. There was also security
problems with bind. The fixes appear in the current distributions
(2.0.2 I think) not in package-updates.
King Lee
On Fri, 23 Oct 1998, M.C. Vernkon wrote:
>
> > At our school our system administrator (who is very good) was
> > running Red Hat 5.1 and someone broke in and got root privileges.
> > Since he had written a Lan watch, we think we know how it happened.
> >
> > The Lan Watch showed someone form Israel send a very long
> > packet to mountd. Shortly after, two names were added to
> > the password file with user id 0. We suspect that
> > /etc was NFS mounted with write permission. Afterwards
> > there were logins from the two added names and rsh was changed.
>
> mounting anything NFS with write permission is just plain stupid.
>
> Matthew
>
> --
> Elen sila lumenn' omentielvo
>
> Steward of the Cambridge Tolkien Society
> Selwyn College Computer Support
> http://www.geocities.com/Area51/Chamber/8841/
> http://www.cam.ac.uk/CambUniv/Societies/tolkien/
> http://pick.sel.cam.ac.uk/
>
>
Reply to: