[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Sambal root exploit found

To: suse-security@xxxxxxxx
Subject: [suse-security] Sambal root exploit found
From: Christian Boxhammer <box@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 16 May 2003 14:59:31 +0200
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Fri, 16 May 2003 15:00:47 +0200
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
User-agent: KMail/1.4.3

Hello list,

I have found a root exploit on our Linux Server (SuSE 7.2). The machine ist 
running samba-2.2.0a-51. This root exploit is named sambal. It creates a new 
user named postgres with HOME=/var/lib/pgsql/.
It can attack Linux, FreeBSD, NetBSD and OpenBSD machines. The source Code of 
this exploit can be found on www.netric.org.

My Problems:
How dangerous is this?
How can I detect, what the hacker does with our system? (HISTFILE unset by 
exploit)
Does anyone know anything about sambal?

Thanks
	Christian



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Prev by Date: Re: [suse-security] Message found in bootmessages
Next by Date: [suse-security] FW_MASQ_DEV="$FW_DEV_EXT"
Previous by thread: Re: [suse-security] Message found in bootmessages
Next by thread: re: [suse-security] Sambal root exploit found
Index(es):
- Date
- Thread