Security Incidents mailing list archives
Re: New Linux Trojan
From: Gary Flynn <flynngn () jmu edu>
Date: Thu, 06 Sep 2001 10:43:32 -0400
Ben Ford wrote:
Qualys Inc wrote:Mitigating Factors: ------------------- The replication process of the Remote Shell Program can only effect binary files within the access privileges of the user who launched the originally infected program.A properly configured machine won't have
^^^^^^^^^^ Should be "operated" :)
the root user running untrusted binaries.
Also, if the machine is used as a development platform, it is likely the operator running as a non-privileged user may have write access to executables stored in the current working directory which would allow the malicious code to spread...perhaps to development team members and finally to shared production code. Ugh. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- New Linux Trojan Qualys Inc (Sep 05)
- Re: New Linux Trojan Ben Ford (Sep 05)
- Re: New Linux Trojan Russell Fulton (Sep 05)
- Re: New Linux Trojan Jason Robertson (Sep 05)
- Re: New Linux Trojan Gary Flynn (Sep 06)
- Re: New Linux Trojan Russell Fulton (Sep 05)
- Re: New Linux Trojan Nick FitzGerald (Sep 09)
- <Possible follow-ups>
- RE: New Linux Trojan Vidovic,Zvonimir,VEVEY,GL-IS/CIS (Sep 06)
- Re: New Linux Trojan Brett Glass (Sep 06)
- Re: New Linux Trojan Ben Ford (Sep 05)