[1740] in linux-security and linux-alert archive
[linux-security] Apparent SNMP remote-root vulnerability.
daemon@ATHENA.MIT.EDU (Dan Reish)
Sun May 10 12:34:44 1998
Date: Sat, 09 May 1998 14:05:06 -0400 (EDT)
From: Dan Reish <dreish@izzy.net>
To: BUGTRAQ@NETSPACE.ORG, linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

I just had a remote root break-in on my machine (x86 running Red Hat Linux
5.0 with all the updates except for kernel-2.0.32-3) this morning at
06:03:28 EDT. From what I've been able to gather, it appears to have been
through snmpd, which I missed when I was weeding out unused daemons.

Sorry for the feeble message, but all I know (or at least strongly
suspect) is that there's a vulnerability in Red Hat 5.0's cmu-snmp-3.4-3
when configured as shipped. I have a combination birthday/Mother's Day
party to get to, so I can't do much more investigating.

(In case anyone else has any similar experiences, connections were from
southshore.com and shell.dhp.com. Someone from dionysus.publib.nf.ca did
a port scan of my machine on April 27 at 5 a.m. EDT.)

If this turns out to be a simple misconfiguration, then I'm an idiot for
posting this, but it should still not be possible to open up a system to
remote root access simply by installing a standard RPM.

--
Dan