Re: root compromise on debian woody

To: debian-user@lists.debian.org
Subject: Re: root compromise on debian woody
From: kamaraju kusumanchi <raju.mailinglists@gmail.com>
Date: Thu, 26 May 2005 17:16:25 -0400
Message-id: <[🔎] 42963CA9.3020103@gmail.com>
In-reply-to: <[🔎] 8752f596050526134936f40e67@mail.gmail.com>
References: <[🔎] 8752f596050526134936f40e67@mail.gmail.com>

Selva Nair wrote:

Hi all,

  One of my machines running debian woody (up to date with all
security updates)
was broken into yesterday. The attacker gained a normal user access possibly bycracking a weak password and then managed to get a root shell, install arootkit etc...
  Looking through evidence left behind (bash_history etc..) I have
figured out that
the privilege escalation was achived using an executable  that the
attacker downloaded
from the net. I have verified that this binary is indeed capable of
giving root shell to any user
and it works on two test systems I tried -- one woody and one redhat 7.2.

Could you please give the link to this binary? I run couple of debianmachines and am quite intimidated by your email. I want to cross checkwhat you have been proposing. If the problem is reproducible, then Iguess the security team would be happy to give us a security-update.


raju

Reply to:

Follow-Ups:
- Re: root compromise on debian woody
  - From: michael <linux@networkingnewsletter.org.uk>

References:
- root compromise on debian woody
  - From: Selva Nair <selva.nair@gmail.com>

Prev by Date: how to use the LANGUAGE environment variable
Next by Date: Re: root compromise on debian woody
Previous by thread: root compromise on debian woody
Next by thread: Re: root compromise on debian woody
Index(es):
- Date
- Thread