>Date: Thu, 02 Dec 1999 11:56:42 -0800
>I think our Linux machine was hacked. I checked the message log, and
>found a mysterious RPC connection from 210.114.231.130, after that
Sure. There is a bug in rpc.mountd (or, I suppose, in the RPC library)
which allows a remote machine to send a packet containing a program
which executes with root privileges on the target machine. The same, or
at least a similar, bug is in imapd. Block remote access to their ports.
Or upgrade these packages to the newest available versions.
BTW, does anyone know if any versions are safe, and which?
The bug was reported to me as having been used on RH 5.0 to compromise
it, and it seems it is also in RH 5.1. I do not know if it is still in
RH 5.2 (and I would like to know, and avoid upgrading if unnecessary).
It is also in the Slackware distribution (most likely in others, too)
using kernel 2.0.30 - rather old. Two machines in our network (one
RH 5.0 and one Slackware) were compromised this way.
Jerzy