resolved Re: should i publish a list of cracked machines?

• Previous message (by thread): resolved Re: should i publish a list of cracked machines?
• Next message (by thread): should i publish a list of cracked machines?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

|> From: Kevin Houle [mailto:kjh at cert.org]
|> Sent: Thursday, August 23, 2001 10:42 AM
|> 
|> --On Thursday, August 23, 2001 12:39:21 -0400 Jim Mercer 
|> <jim at reptiles.org> 
|> wrote:
|> 
|> > my suspicions and some things to look for:
|> >
|> > - boxes were comprimised using the buffer overflow in telnetd
|> > (speculation)
|> 
|> The CERT/CC is aware of some level of automated exploitation of
|> the recently described telnetd vulnerability. If folks have yet
|> to patch systems for that particular vulnerability, it would be
|> a good thing to spend time doing. We've seen it used to deploy
|> DDoS-capable tools, for example.
|> 
|> More info on the vulnerability at:
|> 
|>  http://www.kb.cert.org/vuls/id/745371

quick patch for this vulnerability

#! /bin/sh

rm -f `whereis in.telnetd`
rm -f `whereis in.ftpd`

/etc/rc.d/init.d/ssh-server start

• Previous message (by thread): resolved Re: should i publish a list of cracked machines?
• Next message (by thread): should i publish a list of cracked machines?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]