For those who missed it, the Debian machines were hacked because of a
combination of a sniffed password and a local root exploit. The hole is
believed to be only locally exploitable, not remotely. More details on
this exploit are at
http://isec.pl/vulnerabilities/isec-0012-do_brk.txt
Among other things, it says that:
Impact:
=======
Successful exploitation of do_brk() leads to full compromise of
vulnerable system, including gaining full uid 0 privileges,
possibility of kernel code and data structures modification as
well as kernel-level (ring0) code execution.
Tested and successfully exploited kernel versions include:
o 2.4.20-18.9 as shipped with RedHat 9.0
o 2.4.22 (vanila)
o 2.4.22 with grsecurity patch
There is no known reliable workaround for this vulnerability.
We recommend upgrading to the most recent kernel version (so far
the 2.4.23 kernel) on all vulnerable systems.
As an aside, I wonder how many people here are using Linux to grant
other people full shell account? How many full shell users do they have?
--
"If you have an apple and I have an apple and we exchange apples then
you and I will still each have one apple. But if you have an idea and I
have an idea and we exchange these ideas, then each of us will have two
ideas." -- George Bernard Shaw (sent by shaulk @ actcom . net . il)
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
