Re: What could a regular user do with a .rpmdb directory uploaded?

To: debian-user@lists.debian.org
Subject: Re: What could a regular user do with a .rpmdb directory uploaded?
From: Camaleón <noelamac@gmail.com>
Date: Wed, 6 Jun 2012 16:45:56 +0000 (UTC)
Message-id: <[🔎] jqo1g4$u68$19@dough.gmane.org>
References: <[🔎] CA+AKB6HHMEU1Wh8JpC7mxM0Y2WGJjTudNhdNVEro8R=jjir4Bw@mail.gmail.com>

On Wed, 06 Jun 2012 12:20:51 -0300, francis picabia wrote:

> I think I've found a compromised user account.

Wow :-(

How they got into (unpatched application, password steal...)?

> This is on Debian but alien is installed.  The attackers have not made a
> move yet, but have done some tests and kept their connections to
> scp/sftp to be unnoticed by last.

Kill them and correct the vulnerability >:-)

> There is a directory .rpmdb uploaded to their home directory.  How could
> this be used to set up their software?  I mean, is there a special angle
> they are aiming at which achieves a result they would not have realized
> by only using make on their sources?

That directory can be normal if you have alien installed. But if they 
have access to a shell they can run the usual commands that are available 
for a standard user.

Greetings,

-- 
Camaleón

Reply to:

Follow-Ups:
- Re: What could a regular user do with a .rpmdb directory uploaded?
  - From: francis picabia <fpicabia@gmail.com>

References:
- What could a regular user do with a .rpmdb directory uploaded?
  - From: francis picabia <fpicabia@gmail.com>

Prev by Date: Re: Default sound for alarm-clock 0.3.1 in Squeeze.
Next by Date: Re: Any command to control the upload bandwidth of a running program
Previous by thread: What could a regular user do with a .rpmdb directory uploaded?
Next by thread: Re: What could a regular user do with a .rpmdb directory uploaded?
Index(es):
- Date
- Thread