On Thu, 22 Oct 1998, King Lee wrote: : Hello, : : At our school our system administrator (who is very good) was : running Red Hat 5.1 and someone broke in and got root privileges. : Since he had written a Lan watch, we think we know how it happened. : : The Lan Watch showed someone form Israel send a very long : packet to mountd. Shortly after, two names were added to : the password file with user id 0. We suspect that : /etc was NFS mounted with write permission. Afterwards : there were logins from the two added names and rsh was changed. : : : Is Debian vulnerable? Unfortunately, I haven't progressed : to the stage where I am comfortable looking at code.
This security hole, and the fix, were announced on debian-security a few weeks ago. I'll look for the announcement. So yes, some systems are vulnerable, but there is a fix available. -- Nathan Norman MidcoNet 410 South Phillips Avenue Sioux Falls, SD mailto:[EMAIL PROTECTED] http://www.midco.net finger [EMAIL PROTECTED] for PGP Key: (0xA33B86E9)