Re: Rooted, .haos on system

From: Julian Young (julian.young@nl.compuware.com)
Date: 12/17/02

Next message: David Gillett: "New CIFS (port 445) worm?"

Previous message: Scott A.McIntyre: "Worm on 445/tcp?"
Maybe in reply to: Damian Gerow: "Rooted, .haos on system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Julian Young <julian.young@nl.compuware.com>
To: Julian Young <Julian.Young@nl.compuware.com>
Date: 17 Dec 2002 09:14:00 +0100

Damian,

I am new at this so please pardon my ignorance. I see that the left a
signature and email address , OK so you could contact them, but what
would you say and what good would it do ?

On fixed IP systems I have tended to avoid contact to avoid becoming a
target rather than a random causality.

Julian

On Mon, 2002-12-16 at 22:36, Damian Gerow wrote:
> On Mon, 2002-12-16 at 15:31, Carlos Eduardo Pedroza Santiviago wrote:
> > No, for me this looks like:
> > epc -> ptrace local exploit
> > su -> su local exploit
>
> > They're old ***, and i guess your system wasn't updated.
>
> (In case you missed the original post, this was a customer system, not
> one of mine. We are currently giving the customer heck for not keeping
> up-to-date.)
>
> I also didn't look too closely at the contents of loc.tgz, as I wasn't
> too concerned as what they were. However, I have since been informed of
> the above (numerous times), and how to contact the people who wrote it,
> and the people who cracked the system.
>
> Thanks to all who helped out. I've gotten about as much information on
> this as I could possibly need.
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Next message: David Gillett: "New CIFS (port 445) worm?"
Previous message: Scott A.McIntyre: "Worm on 445/tcp?"
Maybe in reply to: Damian Gerow: "Rooted, .haos on system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]