Hi all,
One of my machines running Debian woody (up to date with all security updates) was broken into yesterday. The attacker gained normal user access, possibly by cracking a weak password, and then managed to get a root shell, install a rootkit, etc.

Looking through the evidence left behind (bash_history, etc.), I have figured out that the privilege escalation was achieved using an executable that the attacker downloaded from the net. I have verified that this binary is indeed capable of giving a root shell to any user, and it works on two test systems I tried -- one woody and one Red Hat 7.2.