Hey Paul, You can usually fall back on reading security mailing list archives to get the real scoop on this stuff. In fact, I *strongly* recommend anyone running public services like this to be on at least one or two advisory lists, like bugtraq or full-disclosure. The first public info on this, that I know of, came as a proof of concept exploit over a week ago: http://seclists.org/fulldisclosure/2010/Mar/140
More info posted yesterday: http://seclists.org/fulldisclosure/2010/Mar/264 I hope by "clean things up" you mean you rebuilt your server from clean media. Once someone runs code on your box, you should never assume you can fully shut them out again. The linux kernel alone seems to have a local root hole every week, let alone all of your setuid binaries and racy root-priv cron jobs, etc. Good luck, tim _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
