On Sat, Dec 18, 2010 at 4:25 PM, Andrew McGlashan
wrote:
> Oh and HP's iLO might need an "advanced" license for virtual media to work,
> not sure about that yet. I picked up a nice DL380 G4 with the advanced iLO
> license already installed.
Yup, I've also discovered that one day when we reinstal
Andrew McGlashan wrote:
nebka:# scp -pr /saved-data-dir r...@infected-machine:/data-dir
Umm, correction
scp -pr r...@infected-machine:/data-dir /saved-data-dir
Oh and HP's iLO might need an "advanced" license for virtual media to
work, not sure about that yet. I picked up a nice DL380 G
Thomas Krichel wrote:
Andrew McGlashan writes
Thomas Krichel wrote:
chattr -sia /bin/ps ; scp r...@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y
install --reinstall procps
So, in effect, did you possibly give away your root password or pass
phrase key for the netbka machine?
Yup. Aft
Andrew McGlashan writes
> Thomas Krichel wrote:
> >chattr -sia /bin/ps ; scp r...@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get
> >-y install --reinstall procps
>
> So, in effect, did you possibly give away your root password or pass
> phrase key for the netbka machine?
Yup. After killing th
Thomas Krichel wrote:
chattr -sia /bin/ps ; scp r...@nebka:/usr/bin/ps /usr/bin/ps ; sudo apt-get -y
install --reinstall procps
So, in effect, did you possibly give away your root password or pass
phrase key for the netbka machine?
I wouldn't be that trusting, you already know you were comp
Izak Burger writes
> Nothing exciting ...
If you need excitement come over here. I had a box infected
by the DSA-2131 vulnerabilty. It wouldn't resinstall psutils,
griping not having permission to cp /bin/ps or somethnig.
I copied chattr from another box, nebka, with the same architectu
On Fri, Dec 17, 2010 at 3:44 PM, Thorsten Göllner wrote:
> Your are (both) right. I will reinstall.
What would be really nice though, is if you could do some kind of
post-mortem. I am always curious to know the techniques of the
black-hats, makes for nice war-stories around the camp fire :-)
Unf
>> I agree, this is a root exploit, and once you have root you can pretty
>> much hide anything you want.
>>>
>>> No question, reinstall.
Depending on your scope,
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html still
has some value. It sounds as though you'll probably be fine with
Am 17.12.2010 14:26, schrieb Izak Burger:
No question, reinstall.
I agree, this is a root exploit, and once you have root you can pretty
much hide anything you want.
On a side note, the patch even applies cleanly on older versions of
exim (such as 4.63), so if you're stuck with an older exim
> No question, reinstall.
I agree, this is a root exploit, and once you have root you can pretty
much hide anything you want.
On a side note, the patch even applies cleanly on older versions of
exim (such as 4.63), so if you're stuck with an older exim for
whatever reason (like I am), its easy en
> So my "big" last ciritical question is "Shall I reinstall":
>
>
Why not reinstall? What if something is hiding that you forgot to check?
What if your binaries are modified in a way that it's making it hard for you
to guarantee they aren't modified?
No question, reinstall.
Mike
Am 17.12.2010 14:01, schrieb Vladislav Kurz:
On Friday 17 of December 2010, you wrote:
Am 17.12.2010 13:49, schrieb Vladislav Kurz:
On Friday 17 of December 2010, you wrote:
Am 17.12.2010 13:17, schrieb Vladislav Kurz:
On Friday 17 of December 2010, Carlos Alberto Lopez Perez wrote:
On 12/1
On Sex, 17 Dez 2010, Paul Stewart wrote:
I have a question related to this security announcement and hope it's
appropriate to ask here...
This list is for it, but you should have started a new thread instead
of hijacking an existing one.
I just recently installed a couple of machines with
On Friday 17 of December 2010, Paul Stewart wrote:
> I have a question related to this security announcement and hope it's
> appropriate to ask here...
>
> I just recently installed a couple of machines with Debian 5 using
> netinstall. They are running Exim which reports as 4.69 in the banner.
>
net]
Sent: December-17-10 6:36 AM
To: debian-security@lists.debian.org
Subject: Re: exim4 router problems since 2 days / sucpicous process "zinit"
is pstree
On Friday 17 of December 2010, Thorsten Göllner wrote:
> Hi,
>
> I have installed Debian 5.0.7. Since 2 days my exim4 does
On Friday 17 of December 2010, Carlos Alberto Lopez Perez wrote:
> On 12/17/2010 12:35 PM, Vladislav Kurz wrote:
> > On Friday 17 of December 2010, Thorsten Göllner wrote:
> >> Hi,
> >>
> >> The other point is that pstree reports a process "zinit" I never saw in
> >> the past:
> >>
> >>
> >>
>
On 12/17/2010 12:35 PM, Vladislav Kurz wrote:
> On Friday 17 of December 2010, Thorsten Göllner wrote:
>> Hi,
>>
>> I have installed Debian 5.0.7. Since 2 days my exim4 does not deliver
>> mails. I always get the message, that the mail is not routeable. I only
>> used "dpkg-reconfigure exim4-config
On Friday 17 of December 2010, Thorsten Göllner wrote:
> Hi,
>
> I have installed Debian 5.0.7. Since 2 days my exim4 does not deliver
> mails. I always get the message, that the mail is not routeable. I only
> used "dpkg-reconfigure exim4-config" without touching one config file by
> hand. I dete
On 12/17/2010 12:00 PM, Thorsten Göllner wrote:
> Hi,
>
> I have installed Debian 5.0.7. Since 2 days my exim4 does not deliver
> mails. I always get the message, that the mail is not routeable. I only
> used "dpkg-reconfigure exim4-config" without touching one config file by
> hand. I detected a
On 17/12/2010 12:00, Thorsten Göllner wrote:
Hi,
I have installed Debian 5.0.7. Since 2 days my exim4 does not deliver
mails. I always get the message, that the mail is not routeable. I
only used "dpkg-reconfigure exim4-config" without touching one config
file by hand. I detected a log messag
Hi,
I have installed Debian 5.0.7. Since 2 days my exim4 does not deliver
mails. I always get the message, that the mail is not routeable. I only
used "dpkg-reconfigure exim4-config" without touching one config file by
hand. I detected a log message (panic log) which says, that there was a
"t
21 matches
Mail list logo