Re: RPM aware rootkits?
From: Anton Chuvakin (anton@chuvakin.org)
Date: 02/13/02
- Previous message: dewt: "Re: RPM aware rootkits?"
- Maybe in reply to: Anton Chuvakin: "RPM aware rootkits?"
- Next in thread: jon schatz: "Re: RPM aware rootkits?"
- Reply: jon schatz: "Re: RPM aware rootkits?"
- Reply: Chris Green: "Re: RPM aware rootkits?"
- Reply: Tim Lawless: "Re: RPM aware rootkits?"
Date: Wed, 13 Feb 2002 17:56:31 -0500 (EST)
From: Anton Chuvakin <anton@chuvakin.org>
To: Chris Green <cmg@uab.edu>
Hello Chris and all,
Thanks for the message.
>What won't work in this situation is attackers that have the md5sums
>or signatures for various binaries on the machine that you are
>intending to replace.
Hmm, that was the point of my question, to some extent. How would an
attacker (possessing the md5sums for valid packages and md5sums for hacked
packages) go about updating the rpm database to pass the ? Are there any
tools (in rootkits or elsewhere) to accomplish it?
Best regards,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org