Security Incidents mailing list archives

Re: Rooted, .haos on system

From: Damian Gerow <damian () sentex net>
Date: 16 Dec 2002 16:36:46 -0500

On Mon, 2002-12-16 at 15:31, Carlos Eduardo Pedroza Santiviago wrote:

No, for me this looks like:
      epc -> ptrace local exploit
      su -> su local exploit

They're old shit, and i guess your system wasn't updated.


(In case you missed the original post, this was a customer system, not
one of mine.  We are currently giving the customer heck for not keeping
up-to-date.)

I also didn't look too closely at the contents of loc.tgz, as I wasn't
too concerned as what they were.  However, I have since been informed of
the above (numerous times), and how to contact the people who wrote it,
and the people who cracked the system.

Thanks to all who helped out.  I've gotten about as much information on
this as I could possibly need.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Rooted, .haos on system Damian Gerow (Dec 15)
- Re: Rooted, .haos on system Damian Gerow (Dec 16)
  - Re: Rooted, .haos on system Damian Gerow (Dec 16)
    - Re: Rooted, .haos on system Mike Katz (Dec 16)
    - Re: Rooted, .haos on system zeno (Dec 16)
    - Re: Rooted, .haos on system Carlos Eduardo Pedroza Santiviago (Dec 16)
    - Re: Rooted, .haos on system Damian Gerow (Dec 16)
    - Message not available
    - Re: Rooted, .haos on system Julian Young (Dec 17)
    - New CIFS (port 445) worm? David Gillett (Dec 17)
    - Re: New CIFS (port 445) worm? Zen (Dec 17)
  - Re[2]: Rooted, .haos on system Oliver.C.Rochford CFH (Dec 17)
- Re: Rooted, .haos on system Mattias Hedenskog (Dec 16)
  - Re: Rooted, .haos on system zeno (Dec 16)