HomeMore on recent kernel exploit issue: NewsForge

Reply to comment

More on recent kernel exploit issue: NewsForge

Wed, 12/03/2003 - 08:51 — charlie.collins

NewsForge has more details on the recent kernel exploit that caused the owning of 4 debian project machines.

Note that the exploit has been seen "in the wild". Also note that even if you dont have any other users on your machines other than people you trust, if you use any type of clear text passwords (pop, imap, cvs, ftp, etc without TLS) then it would be TRIVIAL to sniff out a non priveleged account and then use that account to perform the escalation exploit.

Upgrade your machines, check for any binaries that have been changed and change your passwords.

Reply

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <img> <a> <em> <strong> <cite> <code> <ul> <ol> <hr> <li> <dl> <dt> <dd> <pre> <b> <h1> <h2> <h3> <blockquote>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
2 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.