Hi Paul,

> I could not find a direct e-mail to tell Sun/Cobalt about my hack.
> Although I have all the security patches in place, including the 'Security:
> proftpd Update 1.0.1' they got in using 'SDI linux remote exploit for
> ProFTP'
>
> I have traced the hack to a Brazilian site which is freely available for
> download. I can let Cobalt have the address if they do not already know
> it.

It appears that this particular exploit has been around since September 1999. The script in question works for ProFTPd 1.2.0. But as far as I understand it the vulnerability in question should have been fixed in ProFTPD 1.2.0rc3.

A Cobalt with all patches in place should have proftpd-1.2.2rc1-C2, so I wonder how you came to the conclusion that you've been hacked this way?

I'll compile the exploit and will run it against my own machine for a look-see, though.

--
With best regards,

Michael Stauber
SOLARSPEED.NET

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
