Educause Security Discussion mailing list archives
FW: Multiple UNIX compromises at Stanford
From: "Dr. Tina Bird" <tbird65 () STANFORD EDU>
Date: Tue, 6 Apr 2004 17:45:08 -0700
-----Original Message-----
From: owner-first-teams () first org [mailto:owner-first-teams () first org] On Behalf Of Dr. Tina Bird
Sent: Tuesday, April 06, 2004 5:41 PM
To: first-teams () first org
Subject: Multiple UNIX compromises at Stanford

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all --

Rather more disturbing to this old UNIX geek than the rapid spread of Phatbot and its relatives is the widespread, apparently co-ordinated attack being seen targeting Linux and Solaris systems in higher education and research organizations. I've just released the following alert to Stanford; please feel free to distribute the information to your UNIX system administrators and other interested parties.

The full text of this Security Alert is on line at <http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html>.

Stanford, along with a large number of research institutions and high performance computing centers, has become a target for some sophisticated Linux and Solaris attacks. An unknown attacker (or group) has compromised numerous multi-user Solaris and Linux computers on Stanford's campus using a variety of mechanisms. In most cases, the attacker gets access to a machine by cracking or sniffing passwords. Local user accounts are escalated to root privileges by triggering a variety of local exploits, including the do_brk() and mremap() exploits on Linux and the arbitrary kernel loading modules and passwd vulnerabilities on Solaris.

If you manage multi-user Linux or Solaris systems, please read the alert referenced above and take the appropriate action to protect your systems and your users.

cheers? tbird

- - --
Dr. Tina Bird
Information Security Services, Stanford University
http://securecomputing.stanford.edu/alert.html
http://www.loganalysis.org
http://vpn.shmoo.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (OpenBSD)
Comment: Made with pgp4pine 1.76

iD8DBQFAc04dcoaZZ4u5dCIRAvL5AKDyN9OJAq6cp5vsnQP5VU8MQcw2rACfWSI+
fogoa1PK3od2vW9xajWuGZg=
=wT09
-----END PGP SIGNATURE-----

-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
This message was posted through the FIRST mailing list server. Contact your team's FIRST representative to (un)subscribe, DO NOT REDISTRIBUTE BEYOND MEMBERS OF FIRST TEAMS UNLESS THE AUTHOR OF THIS MESSAGE GRANTS EXPRESS PERMISSION TO REDISTRIBUTE
-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.