On Wed, 2007-08-01 at 08:44 -0400, Kristian Hermansen wrote: > Just thought someone (Kees) might want to check this one out :-) > > <snip> > From: "James E. Jones" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Date: Wed, 11 Jul 2007 09:07:09 -0700 (PDT) > Subject: 0day linux 2.6 /dev/mem rootkit found > I found one interesting tool on my server, with the > name 'Boxer 0.99 BETA3'. It's protected by ELFuck > linux executables obfuscator. Google doesn't know > anything about it. > Now, it is available at http://surfall.net/rel.tar.gz > (ELFuck password: 'notdead') > Anybody seen it before? > </snip> > --
Doesn't really look like an exploit to me. This binary requires that you already have root on the system. It's basically a rootkit (unless I'm missing something, but I'm not about to execute this program). Once someone has root, your system is a done deal for the most part. -- Ubuntu : http://www.ubuntu.com/ Linux1394: http://wiki.linux1394.org/ -- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
