Re: Method for intrusion

From: KevinO (kevin_at_kevino.org)
Date: 05/03/03

• Next message: Rob Skedgell: "Re: good links on fighting SPAM for REDHat Sendmail"
• Previous message: Taneli Huuskonen: "Re: want to put msg when user is denied login"
• In reply to: John Oliver: "Method for intrusion"
• Next in thread: joe: "Re: Method for intrusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 03 May 2003 07:01:19 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Oliver wrote:
> ... but I would really like to be able to find the inital point of
> entry to make sure that other hosts on the same network aren't also
> vulnerable.
>

There have been a bunch of updates for Red Hat boxes.

ftp://rpmfind.net/linux/redhat/updates/7.2/en/os/i386

apache-1.3.27-1.7.2.i386.rpm
bind-9.2.1-1.7x.2.i386.rpm
glibc-2.2.4-32.i386.rpm
imap-2001a-1.72.0.i386.rpm
kernel-2.4.18-27.7.x.i386.rpm

just to name a very few.

That fact that this 'host probably hadn't been patched in a while' is quite
possibly the problem. I admin a public access RH 7.1 box and there has been a
bunch of updated packages. I would suggest taking a look at any packages that
didn't get installed that should have, that was an update related to security.

https://rhn.redhat.com/errata/rh72-errata.html
https://rhn.redhat.com/errata/rh72-errata-security.html

- --
KevinO

A "few" is an indefinitely small number that conveys a qualitative sense of a
quantity, but not quantitative fact.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+s2lTWOfRC7Rnmv8RArSMAJoCrxkEBII/58A27ZovAaUa6ATwIgCfdsr2
uTGHPVD8JHjodqige4aOdJE=
=yRXg
-----END PGP SIGNATURE-----

---

• Next message: Rob Skedgell: "Re: good links on fighting SPAM for REDHat Sendmail"
• Previous message: Taneli Huuskonen: "Re: want to put msg when user is denied login"
• In reply to: John Oliver: "Method for intrusion"
• Next in thread: joe: "Re: Method for intrusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [CLA-2003:798] Conectiva Security Announcement - gnupg ... way GnuPG deals with type 20 ElGamal sign+encrypt keys which allows ... This is a serious vulnerability with immediate impact: ... It is recommended that all GnuPG users upgrade their packages. ... Detailed instructions reagarding the use of apt and upgrade examples ... (Bugtraq) [CLA-2003:694] Conectiva Security Announcement - gnupg ... SUMMARY: GnuPG key validity vulnerability ... For Conectiva Linux 7.0 and 8, the GnuPG package has been updated to ... It is recommended that all GnuPG users upgrade their packages. ... Detailed instructions reagarding the use of apt and upgrade examples ... (Bugtraq) [Full-disclosure] [ MDKSA-2006:141 ] - Updated gnupg packages fix vulnerability ... Package: gnupg ... An integer overflow vulnerability was discovered in gnupg where an ... Updated packages have been patched to correct this issue. ... Mandriva Linux 2006.0/X86_64: ... (Full-Disclosure) Re: etch --> testing ... | matter is there any information about when a lenny freeze might happen? ... packages, desktop effects, etc. ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ... (Debian-User) [Full-disclosure] [USN-170-1] gnupg vulnerability ... gnupg vulnerability ... Ubuntu 4.10 ... since the attack requires a huge amount of oracle answers ... The updated packages disable the quick check, ... (Full-Disclosure)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.unix  > 2003-05