On May 15, 2004 06:31 pm, Ashley M. Kirchner wrote: > Pete Nesbitt wrote: > >We had a solaris box hacked the other day. The machine is off-line but has > > not been looked at. So far it looks like there was a sendmail > > vulnerability that came out around the 8th (from what I could find) and > > we got hacked on the 9th (at least that is when a "eee" and a "r00t" > > accont showed up. > > > >Does your box have sendmail listening to the outside? > > I keep up with the source directly from sendmail.org, and thus am > running 8.12.11. I don't think there's been a problem with that version > yet. But also, it turned out to be a false alarm. prelink changes file > sizes when it runs on binaries and libraries (ironically they get > bigger,) and tripwire was doing what it's supposed to do: warm about > file changes. > > Hi, The server still had a stock install of Solaris 8, no patches or anything applied yet. It was going to be a test box, but got it's external IP a little too soon :( When I said the vulnerability came out on the 8th, I was wrong, that was the update info, it looks like 8.12.10 patched the problem. -- Pete Nesbitt, rhce -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
