
Re: [cobalt-security] Raq4 Server hacked :'(



Sun has never made this patch for RAQ3, but they did for RAQ4. 

Check http://www.cobaltsupport.com , there's a patched kernel for RAQ3
(backported patch from RAQ4 kernel - 3 lines of code...) and UPDATE.

That's the first thing you have to do (and all other RAQ3 owners as well).

The next step is to check for rootkits etc. CobaltSupport can also help you
with that.

WBR,
Dmitry

>On Wednesday 24 March 2004 05:39, James Zawacki wrote:
> Ok.. I've been keeping up with patches.. and am up to date except for
> the last pine patch on the 17th.  But, one of my servers bounced 5
> days ago.  I started looking into it, and found one of the web sites
> cgi-bin has a TON of hacking scripts.  CGI-Telnet server, irc bots,
> etc.
>
> And, there was a binary file that was this:
>
>  Linux Kernel kmod.c modprobe ptrace vulnerability exploit
>
> Now, I'm trying to do clean up.  What's the easiest way to determine
> if root has been compromised, or just that user account for that web
> site?
>
> Thanks,
> James