Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?

From: Kastus (NOSPAMtprfct.net)
Date: Sat Nov 29 2003 - 19:00:30 CST


On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:
>
> A suse 8.1 based server has been cracked, and the "visitor" left
> all his tools, so I've been able to play with it as well.
> The server was kept "up to date", but look at that:
>
> ombox:~/tmp> uname -a
> Linux box 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This date looks suspicious.
The kernel from k_deflt-2.4.19-340 has time stamp Mon Aug 4 23:38:42 UTC 2003

> ombox:~/tmp> rpm -qa|grep k_
> k_deflt-2.4.19-340

I doubt the kernel you are running belongs to this package.
Did you try to verify k_deflt package? What's the output of
rpm -V k_deflt ?

Also check your bootloader to see which kernel actually gets booted.

Regards, -Kastus
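
The comparison made by eye in the reply above, written as a script. This is an added example, not part of the original message. The function names and the `(root@buildhost)` part of the image banner are constructed; the two time stamps are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: compare the build stamp of the running kernel with the
# build stamp of the kernel image shipped in the installed package.

# Extract "<weekday> <month> <day> HH:MM:SS <TZ> <year>" from `uname -a` /
# `uname -v` output or from a kernel image version banner.
# Runs of spaces are squeezed so "Aug  4" and "Aug 4" compare equal.
build_stamp() {
    printf '%s\n' "$1" | tr -s ' ' |
        sed -n 's/.*\([A-Z][a-z][a-z] [A-Z][a-z][a-z] [0-9]\{1,2\} [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [A-Z]\{2,5\} [0-9]\{4\}\).*/\1/p' |
        head -n 1
}

# check_kernel <running-kernel-string> <packaged-image-banner>
# Returns 0 on match, 1 on mismatch, 2 if either stamp cannot be found.
check_kernel() {
    running=$(build_stamp "$1")
    packaged=$(build_stamp "$2")
    if [ -z "$running" ] || [ -z "$packaged" ]; then
        echo "UNKNOWN: no build stamp found in one of the inputs"
        return 2
    fi
    if [ "$running" = "$packaged" ]; then
        echo "OK: running kernel and packaged image both built $running"
        return 0
    fi
    echo "MISMATCH: running kernel built $running, packaged image built $packaged"
    echo "  next: rpm -V on the kernel package, then check which image the bootloader loads"
    return 1
}

# Constructed sample input: the uname line quoted in the thread, and a
# banner carrying the time stamp the reply gives for k_deflt-2.4.19-340.
SAMPLE_UNAME='Linux box 2.4.19-4GB #1 Fri Sep 13 13:14:56 UTC 2002 i686 unknown'
SAMPLE_IMAGE='2.4.19-4GB (root@buildhost) #1 Mon Aug 4 23:38:42 UTC 2003'

check_kernel "$SAMPLE_UNAME" "$SAMPLE_IMAGE" || true

# On a live host the first argument would be "$(uname -v)". The second
# would be the version banner read from the packaged image file, for
# example with strings(1); the image path is an assumption of this example
# and depends on the distribution.
```

On a host that may be compromised, run this with tools from trusted media, since `uname` output and on-disk binaries can both be tampered with.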
