On Thu, Jun 20, 2002 at 06:06:03PM -0400, Klaus, Chris (ISSAtlanta) wrote:
> 3) ISS was not aware of other researchers discovering this
> vulnerability nor aware of it in the wild at the time of the release of the
> advisory.

We've got reason to believe that this was already known to some black hats
by April the 19th. For Linux on Intel.

A friend of mine had a machine compromised on April 19. The intruder
managed to get a shell as user www-data. He hadn't any leads on how the
break-in happened, except for a few thousand lines in the logfile like this:

[Fri Apr 19 11:06:35 2002] [notice] child pid 25613 exit signal Segmentation fault (11)

Incidentally, this corresponds to the effect the exploit from Gobbles shows.

Peter Keel
--
Operator in charge for Security    Tel +41 1 287 2992
Cyberlink Internet Services AG     Fax +41 1 287 2991
Richard Wagnerstrasse 6            admin@cyberlink.ch
CH-8002 Zuerich                    http://www.cyberlink.ch
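The log signature quoted in the message above, turned into a burst detector. This is an added example, not part of the original post: the function names, the per-minute window and the threshold of 100 are assumptions, and the sample log is constructed around the one line the message quotes. A child segfault can have other causes (a buggy module, for instance), so the check looks for volume rather than a single line.

```python
import re
from collections import Counter
from datetime import datetime

# Apache error_log line for a child killed by SIGSEGV, in the format quoted above.
SEGV_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4})\] "
    r"\[notice\] child pid (?P<pid>\d+) exit signal Segmentation fault \(11\)"
)

def parse_segv(line):
    """Return (timestamp, pid) for a child-segfault line, else None."""
    m = SEGV_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, int(m.group("pid"))

def segv_bursts(lines, threshold=100):
    """Count child segfaults per minute; return (minute, count) at or above threshold."""
    per_minute = Counter()
    for line in lines:
        hit = parse_segv(line)
        if hit:
            per_minute[hit[0].replace(second=0)] += 1
    return sorted((minute, n) for minute, n in per_minute.items() if n >= threshold)

def sample_log():
    """Constructed sample: 150 segfaults within one minute plus unrelated lines."""
    lines = ["[Fri Apr 19 11:05:59 2002] [error] File does not exist: /var/www/x"]
    lines += [
        f"[Fri Apr 19 11:06:{i % 60:02d} 2002] [notice] child pid {25000 + i} "
        "exit signal Segmentation fault (11)"
        for i in range(150)
    ]
    # A lone segfault minutes later stays below the threshold.
    lines.append("[Fri Apr 19 11:09:10 2002] [notice] child pid 26000 "
                 "exit signal Segmentation fault (11)")
    return lines

if __name__ == "__main__":
    for minute, count in segv_bursts(sample_log()):
        print(f"{minute:%Y-%m-%d %H:%M} {count} child segfaults")
```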