[1753] in SIPB_Linux_Development


Recent linux break-ins - time to take action

daemon@ATHENA.MIT.EDU (Kevin 'Bob' Fu)
Mon Aug 18 01:14:15 1997

To: linux-dev@MIT.EDU
Date: Mon, 18 Aug 1997 01:14:01 EDT
From: "Kevin 'Bob' Fu" <fubob@MIT.EDU>

Recently several old Slackware machines on MITNet have been
compromised.  The method is always the same.  Most Slackware machine
owners are not even aware of the potential problems.

Should we take the initiative to warn Slackware users and to
convince these users to switch to RedHat... or at least
fix affected binaries?

The quintessential attack:

1.) Sniff password
2.) Log in to a machine, oh gee it's Slackware
3.) Download source from www.rootshell.com
4.) Compile
5.) Overflow SUID root programs su, ping, SuperProbe, etc
6.) Run a sniffer, snarf data, goto step 1.

-Kevin

--------
Kevin E. Fu aka Bob the BobOp         Athena OLC/RCC
PGP key: finger fubob@snafu.mit.edu   SIPB Member
