Re: !SPAM! [Full-Disclosure] Automated ssh scanning

Valdis.Kletnieks_at_vt.edu
Date: 08/26/04

Next message: Frank Knobbe: "Re: [Full-Disclosure] Automated ssh scanning"

Previous message: Barry Fitzgerald: "Re: !SPAM! [Full-Disclosure] Automated ssh scanning"
In reply to: Richard Verwayen: "RE: !SPAM! [Full-Disclosure] Automated ssh scanning"
Next in thread: Mister Coffee: "Re [Full-Disclosure] Automated ssh scanning"
Reply: Mister Coffee: "Re [Full-Disclosure] Automated ssh scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Richard Verwayen <holle@ackw.de>
Date: Thu, 26 Aug 2004 13:41:07 -0400

On Thu, 26 Aug 2004 15:41:18 +0200, Richard Verwayen said:

> You are right about the passwords, but guest is only a unprivileged
> account as you may have on many prodruction machines. But they managed
> to become root on this machine due to a kernel(?) exploit!

Or an exploit of any of the set-UID root or runs-as-root programs on the system.

VeNoMouS posted ID's of most of the kits you found.

He didn't ID xpl.tar.gz pr psybnc.tgz - anybody recognize those? I'm guessing
one of the following:

1) Debian Woody isn't patched for the kernel do_brk or ptrace holes yet.

2) One of the two as-yet-unID'ed kits has some other exploit that Woody hasn't
been patched against.

3) You haven't found all the kits yet. :)

But as noted by others, if they can get a local 'guest' shell, they're already 95%
of the way to root....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

application/pgp-signature attachment: stored

Next message: Frank Knobbe: "Re: [Full-Disclosure] Automated ssh scanning"

Previous message: Barry Fitzgerald: "Re: !SPAM! [Full-Disclosure] Automated ssh scanning"
In reply to: Richard Verwayen: "RE: !SPAM! [Full-Disclosure] Automated ssh scanning"
Next in thread: Mister Coffee: "Re [Full-Disclosure] Automated ssh scanning"
Reply: Mister Coffee: "Re [Full-Disclosure] Automated ssh scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Etch on USB-HD wont boot - race condition?
... notebook but the kernel cannot find the root filesystem. ... I had an initial problem that I think I got solved: On boot, ... Begin: Mounting root file system... ... SCSI device sda: 78140159 512-byte hdwr sectors ...
(Debian-User)
Re: Flaws in recent Linux kernels
... Many distributions include other programs which may be ... suitable for exploiting the kernel vulnerability. ... possible to install third-party SUID root programs which may be used. ... A new revision of the Openwall Linux kernel patch, 2.2.19-ow3, is now ...
(Bugtraq)
Re: Beige PowerMac G3/266 trouble
... I downloaded the minimal "netinst" install CD image from ... The kernel initially seemed to load OK, and told me that it had found the ... At this point it threw up an error saying it couldn't open the root device ... request_module: runaway loop modprobe binfmt-0000 ...
(comp.os.linux.powerpc)
Re: 2.6.9-rc2-mm1
... Fails to boot on my Altix. ... diff between 2.6.9-rc1-mm4 and 2.6.9-rc2 indicates some kind of PCI, ... Mounted root readonly. ... -[1Adoneshowconsole: Warning: the ioctl TIOCGDEV is not known by the kernel ...
(Linux-Kernel)
Re: Multibooting
... I use the Grub loader to load both of them. ... Rreplace xx-xx with your kernel version. ... The root line tells wich disk and which partition on it contains file ...
(Fedora)