Re: irssi backdoor question

From: Jan Jungnickel (jan@jungnickel.com)
Date: 05/27/02


Date: Mon, 27 May 2002 17:46:29 +0200
From: Jan Jungnickel <jan@jungnickel.com>
To: Felix Seeger <seeger@sitewaerts.de>


On Mon, 27 Mai 2002, you (Felix Seeger) wrote:

> Does make install also use the script ?
>
> If the atacker has normal user access than this is bad, but not a real
> problem.

Well, if the machine holding the compromised user-account is also
vulnerable (or has been within that time) to local root exploits, it may
have been root-compromised thus causing "a real problem".

If you can make sure that the machine hasn't been vulnerable inbetween,
you're probably on the safe side, but you'll never know for sure.

Or did I get anything wrong?

Regards,
Jan «octane» Jungnickel

-- 
:: iCommunications Bremen - Perl, PHP ::
:: Internetworking and UNIX Solutions ::
:: Delmestrasse 25 || DE-28199 Bremen ::
:: Phone: +49-421-988702-1 || Fax: -2 ::