[vox] Biggest uptimes!
Don Armstrong
don at donarmstrong.com
Sat Feb 18 18:45:48 PST 2006
On Sat, 18 Feb 2006, trixter aka Bret McDanel wrote:
> wasnt it a desire for a long uptime that caused debin to not install
> a patch for a known kernel vulnerability and they got owned because
> of that?
No, it was a slightly more complicated situation involving a
non-Debian machine being broken into and a password sniffed which was
used to break into a debian.org machine and then use a copy of
unpatched suid binaries which were sitting around to elevate to root
on master, and then break into other machines from there.
See:
http://lists.debian.org/debian-devel-announce/2003/11/msg00012.html
for more details. [gluck was behind on getting a kernel with the
ptrace fix installed, but it had it installed in august, before the
attack occured.]
Don Armstrong
--
THERE IS NO GRAVITY THE WORLD SUCKS
-- Vietnam War Penquin Lighter
http://gallery.donarmstrong.com/clippings/vietnam_there_is_no_gravity.jpg
http://www.donarmstrong.com http://rzlab.ucr.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://ns1.livepenguin.com/pipermail/vox/attachments/20060218/579890dc/attachment-0001.pgp
More information about the vox
mailing list