Re: Tracking Down Security Hole
From: James Riden (j.riden_at_massey.ac.nz)
Date: Tue, 17 Feb 2004 15:23:19 +1300
Mark Olbert <firstname.lastname@example.org> writes:
> I'm virtually certain that my linux (2.4.17) firewall/router has been
> hacked (e.g., there's an entire directory of "replacement" executable
> files, such as ls, that wasn't there before, and all the replacements
> have timestamps of just a day or so ago).
2.4.17 had some privilege escalation holes, meaning a local user can
become root. What services and what versions were you running?
-- 
James Riden / email@example.com / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/