[RH List] Re: Possible break-in

Pete Nesbitt pete at linux1.ca
Sun May 16 15:25:29 UTC 2004


On May 15, 2004 06:31 pm, Ashley M. Kirchner wrote:
> Pete Nesbitt wrote:
> >We had a solaris box hacked the other day. The machine is off-line but has
> > not been looked at. So far it looks like there was a sendmail
> > vulnerability that came out around the 8th (from what I could find) and
> > we got hacked on the 9th (at least that is when a "eee" and a "r00t"
> > accont showed up.
> >
> >Does your box have sendmail listening to the outside?
>
>     I keep up with the source directly from sendmail.org, and thus am
> running 8.12.11.  I don't think there's been a problem with that version
> yet.  But also, it turned out to be a false alarm.  prelink changes file
> sizes when it runs on binaries and libraries (ironically they get
> bigger,) and tripwire was doing what it's supposed to do: warm about
> file changes.
>
>

Hi,
The server still had a stock install of Solaris 8, no patches or anything 
applied yet. It was going to be a test box, but got it's external IP a little 
too soon :(

When I said the vulnerability came out on the 8th, I was wrong, that was the 
update info, it looks like 8.12.10 patched the problem.

-- 
Pete Nesbitt, rhce





More information about the redhat-list mailing list