That is a worry you should have. But we need to know how they did it before we just assume it. Anyone test it on another linux system? Fedora?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Verwayen Sent: Thursday, August 26, 2004 8:41 AM To: FD Subject: RE: !SPAM! [Full-Disclosure] Automated ssh scanning On Thu, 2004-08-26 at 15:12, Todd Towles wrote: > The kernel could be save. But with weak passwords, you are toast. Any > automated tool would test guest/guest. > Hello Todd! You are right about the passwords, but guest is only a unprivileged account as you may have on many prodruction machines. But they managed to become root on this machine due to a kernel(?) exploit! Should I then consider any woody system to be insecure to let people work at? Richard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
