Security Incidents mailing list archives

Re: solaris lpd, KARMAPOLICE?


From: "Ricky Vludmore" <ricky2k () anonymous to>
Date: Wed, 29 Aug 2001 21:13:26 -0700

Considering that there's an exploit big enough to drive a truck through 
for LPD on Solaris, you might want to check to see if the version that 
you have is vulnerable.  LPD is really bad to run on the net and the 
recent vulnerability could be your problem.

No less than a dozen people replied personally
to this post. It seems others have fallen 
victim to an identical exploit. Some asked if
there were exploit remains left on the system.
There don't appear to be.

Sun Patch-ID# 109320-04 was suggested to me by 
a few people.  

One person said it may be an exploit for a 
different operating system, but this doesn't
coincide with the idle processes I saw and
confirmations by others that they were 
successfully attacked.

The exploit remains a mystery. I did some
searches on the securityfocus website for
the exploit string (if that's what you'd
call it) and saw nothing of interest, at
least not on Bugtraq. Was one released
elsewhere?


Hope your server was 1.) In a DMZ, 2.) Has tripwire and can tell you what 
changed.  Otherwise, I would be _very_ wary.

Yeah, the risk of an intrusion was acknowledged 
when we decided to expose it and surrounding
systems to the Internet. Shame on us for not
using tripwire though ;-( We'll reinstall from
scratch with said patch applied.


