Re: GNU software compromised : Cert Advisory

From: Alan Connor (xxxxxx_at_xxxx.xxx)
Date: 08/14/03


Date: Thu, 14 Aug 2003 08:55:17 GMT

On Thu, 14 Aug 2003 04:41:02 GMT, Bit Twister <BitTwister@localhost.localdomain> wrote:
>
>
> On Thu, 14 Aug 2003 04:23:08 GMT, gombvtw@moqphq.com.jb wrote:
>> |I noticed a M$ weenie posted this. Is it for real?
>>
>> It is unfortunately. And apparently it was done by someone who had login
>> access to the machine, using a local ptrace exploit in the week before a
>> patch was posted.
>>
>> |Haven't heard a word about it anyplace else.
>
> http://www.cert.org/advisories/
>
>>
>> Slashdot among lots of places.
>>
>> [Please, no futher crossposts unless you have some info to add.]

     
Am I understanding this correctly? All anyone has to do to evade this
cracker's work is to check the md5 sums?

If so, this isn't a security issue, it is a STUPIDITY issue.

No one with a lick of common sense installs anything they've downloaded from
the net without doing that basic test.

Alan



Relevant Pages

  • Re: GNU software compromised : Cert Advisory
    ... And apparently it was done by someone who had login ... Am I understanding this correctly? ... All anyone has to do to evade this ... cracker's work is to check the md5 sums? ...
    (comp.os.linux)
  • Re: GNU software compromised : Cert Advisory
    ... And apparently it was done by someone who had login ... Am I understanding this correctly? ... All anyone has to do to evade this ... cracker's work is to check the md5 sums? ...
    (comp.os.linux.networking)
  • Re: GNU software compromised : Cert Advisory
    ... And apparently it was done by someone who had login ... Am I understanding this correctly? ... All anyone has to do to evade this ... cracker's work is to check the md5 sums? ...
    (comp.os.linux.setup)
  • Re: Users with "VIEW SERVER STATE" only see current session
    ... I would after connecting verify that one really have sysadmins privileges, just to be certain that one connect using the login one believe... ... I should be able to see all sessions for all users on ... If my understanding is not correct, ... I would like to get a query something like the following to work: ...
    (microsoft.public.sqlserver.server)
  • Re: User login
    ... without really understanding what it does. ... This command will do it: ... I want to run a login script file for certain users. ...
    (microsoft.public.windows.server.general)