Full Disclosure mailing list archives

Re: Patched Solaris Boxes being Hacked??

From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 5 Jan 2004 14:11:23 -0600 (CST)


Any system this day in age to get hacked via finger, rpc and/or ftp can
not be considered to have been patched nor secured in any real manner,
thus these were exposed systems without security measures in place, and as
susceptable <almost> as any default widowns system one just got for x-mas
and exposed without patches and anti-viri software and secureity measures
taken to lock them down.

Thanks,

Ron DuFresne

On Mon, 5 Jan 2004, Compton, Rich wrote:

Anyone out there have more information on ISC's reports of patched Solaris
boxes being compromised?  Here's the quote from the Incident Handler's Diary
for today:

"Solaris 8 Hacks. We've received a few reports of significant intrusions
into networks of patched Solaris 8 machines. Initial analysis indicates what
appears to be a multi-vector attack, using finger, rpcbind, and ftp. In one
network, the systems that got broken into did not have tcpwrappers installed
nor did they have the rpcbind from Wietse Venema and Casper Dik that has
tcpwrapper support. However, there were Solaris 8 systems in the same
machine room that are behind on patches, but have tcp wrappers installed and
they were not broken into. If there have been other cases of similar
intrusions in the past few days, the Storm Center would like to hear about
it."

-Rich Compton

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Patched Solaris Boxes being Hacked?? Compton, Rich (Jan 05)
- Re: Patched Solaris Boxes being Hacked?? daniel uriah clemens (Jan 05)
- Re: Patched Solaris Boxes being Hacked?? Larry W. Cashdollar (Jan 05)
- Re: Patched Solaris Boxes being Hacked?? Ron DuFresne (Jan 05)