RE: [cobalt-security] Raq 550 Remote Exploits?



We had something similar happen a couple of weeks ago on our 550.  Our
sendmail binary got hacked and was ignoring the /etc/mail/access file, which
made us an open-relay.  We caught it but only after 60k messages went out.
While trying to find the problem, our /home disappeared.  Our sysadmin said
that something was "overlaying another partition" and making it disappear,
but it was really still there.  The check root kit found nothing, so we're
not sure what happened.  The spammers were in Korea and we contacted their
ISP.  After that, someone tried to hit us with a DoS attack.  What joy.
Good luck.

-keith