Re[2]: [cobalt-security] Raq 550 Remote Exploits?



Hello!

Does this mean the cracker got in using sendmail?

KF> We had something similar happen a couple of weeks ago on our 550.  Our
KF> sendmail binary got hacked and was ignoring the /etc/mail/access file, which
KF> made us an open-relay.  We caught it but only after 60k messages went out.
KF> While trying to find the problem, our /home disappeared.

That is probably an LKM rootkit, like suckit or kis.

KF>   Our sysadmin said
KF> that something was "overlaying another partition" and making it disappear,
KF> but it was really still there.  The check root kit found nothing, so we're
KF> not sure what happened.  The spammers were in Korea and we contacted their
KF> ISP.  After that, someone tried to hit us with a DoS attack.  What joy.
KF> Good luck.

KF> -keith

Regards,
Dmitry