[40860] in North American Network Operators' Group
RE: resolved Re: should i publish a list of cracked machines?
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Thu Aug 23 19:06:14 2001
Message-ID: <EA9368A5B1010140ADBF534E4D32C728069E2D@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Kevin Houle' <kjh@cert.org>, Jim Mercer <jim@reptiles.org>,
nanog@merit.edu
Date: Thu, 23 Aug 2001 16:07:38 -0700
MIME-Version: 1.0
Content-Type: text/plain
Errors-To: owner-nanog-outgoing@merit.edu
|> From: Kevin Houle [mailto:kjh@cert.org]
|> Sent: Thursday, August 23, 2001 10:42 AM
|>
|> --On Thursday, August 23, 2001 12:39:21 -0400 Jim Mercer
|> <jim@reptiles.org>
|> wrote:
|>
|> > my suspicions and some things to look for:
|> >
|> > - boxes were compromised using the buffer overflow in telnetd
|> > (speculation)
|>
|> The CERT/CC is aware of some level of automated exploitation of
|> the recently described telnetd vulnerability. If folks have yet
|> to patch systems for that particular vulnerability, it would be
|> a good thing to spend time doing. We've seen it used to deploy
|> DDoS-capable tools, for example.
|>
|> More info on the vulnerability at:
|>
|> http://www.kb.cert.org/vuls/id/745371
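Quick patch for this vulnerability:

#! /bin/sh
# Remove the telnet and FTP daemons. whereis prints a "name:" label plus
# every path it finds (man pages included); rm -f ignores the label.
rm -f `whereis in.telnetd`
rm -f `whereis in.ftpd`
# Start the SSH server.
/etc/rc.d/init.d/ssh-server start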
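
The script above deletes the daemon binaries but does not touch whatever configuration launched them. As an added example (not part of the original message), the function below lists entries in an inetd.conf-style file that would still start in.telnetd or in.ftpd, including entries wrapped by tcpd; the classic inetd.conf field layout and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report inetd entries that still launch in.telnetd / in.ftpd.
# Assumed format (classic inetd.conf), whitespace-separated fields:
#   service  socket  proto  wait  user  server-path  args...

# enabled_cleartext [FILE]
# Reads FILE (or stdin) and prints "service server-path" for each
# uncommented entry whose server path or arguments name one of the daemons.
enabled_cleartext() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }      # skip comments, blanks, short lines
        {
            hit = 0
            # Scan from the server path onward: with TCP wrappers the
            # server path is tcpd and the real daemon is the first argument.
            for (i = 6; i <= NF; i++) {
                name = $i
                sub(/.*\//, "", name)     # strip any directory prefix
                if (name == "in.telnetd" || name == "in.ftpd") hit = 1
            }
            if (hit) print $1, $6
        }
    ' "$@"
}

# Constructed sample configuration (not taken from any real host).
sample_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd     in.telnetd
#ftp    stream  tcp  nowait  root    /usr/sbin/tcpd     in.ftpd -l -a
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd  in.ftpd -l
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd     in.fingerd

EOF
}

# Demo run on the constructed sample; on a host, pass the real file instead.
sample_conf | enabled_cleartext
```

Any line it prints is an entry to comment out before reloading inetd.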