As long as you have to re-install everything from scratch, you can
consider installing 8.0 and having your services jailed. The new jail is
announced to be much improved.
Markiyan.
Paul Procacci wrote:
>> But far as rtld vulnerability, doesn't it require at least a local
user account?
No, it requires a script and a kiddie. ;) You'd expect your
"index.php" (or similar) files would require a ftp/ssh/telnet
connection, but useful "kids" have useful resources 'n which these
things are not always required.
Anyone can execute any code (apparently) on your machine via the
exploit, having anything they want running on your machine, (i.e. that
can set their env to whatever they want and get access to your machine
pre -p5.
Your safest bet especially since you weren't patched to the latest
FreeBSD version which includes the rtld patch, is to simply not trust
your machine at all; regardless of whether you are patching it now or
not. I'd personally save your data, reformat the machine, and reinstall
the items you need.
~Cheers
This message may contain confidential or privileged information. If you are
not the intended recipient, please advise us immediately and delete this
message. See http://www.datapipe.com/emaildisclaimer.aspx for further
information on confidentiality and the risks of non-secure electronic
communication. If you cannot access these links, please notify us by reply
message and we will send the contents to you.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[email protected]"
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[email protected]"
