LOGWATCH EXPLOIT ROOT COMPROMISE

Fri, 29 Mar 2002 08:45:55 -0800 

if you haven't heard yet, root account can be compromised by a local account
using logwatch.

the current work around i got was to chattr +i /etc/passwd

that makes it so /etc/passwd can't be modified, if and when you need to add
a user you can simply do chattr -i /etc/passwd

i hope no one has gotten compromised yet

Bailey

Reply via email to