similar to: Bind Overrun Bug and Linux

George Brown sent this to my private Email address instead of to the list. Because I forwarded it, my addres is in the header. Roger. ----- Forwarded message from root ----- >From root@bull.bullnet.co.uk Mon Aug 24 16:20:29 1998 Received: from dutepp0.et.tudelft.nl by rosie.BitWizard.nl (fetchmail-4.2.9 POP3 run by wolff) for <wolff@localhost> (single-drop); Mon Aug 24

>Date: Tue, 11 Aug 1998 13:21:06 -0400 >From: CERT Advisory <cert-advisory@cert.org> >To: cert-advisory@coal.cert.org >Subject: CERT Advisory CA-98.10 - mime_buffer_overflows >Reply-To: cert-advisory-request@cert.org >Organization: CERT(sm) Coordination Center - +1 412-268-7090 > >-----BEGIN PGP SIGNED MESSAGE----- >

> > systems which no longer seem to have this. This file contained an archive of > > the trojan''s that were inserted into the compromised system - does anybody know > > what is in these trojans? > > Check the Linux RootKit ... (LRK).. > > Typically LRK to use config-files.. (and typically LRK-users to place > files in /dev.. find /dev -type f | grep -v

For those who are unaware... [mod: This whole bind affair has gone a bit out of hand. Elias from Bugtraq found "public" info indicating the problem. ISC/CERT were working on releasing the bugfix together with the fix. Now everybody is scurrying to get fixes out now that "the public" knows about this. As far as I know, Red Hat (& Caldera) made a new RPM, based on the most

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.20 Original issue date: September 18, 1996 Last revised: -- Topic: Sendmail Vulnerabilities - ----------------------------------------------------------------------------- *** This advisory supersedes CA-95:05 *** The CERT Coordination Center

-------- Is this old? I couldn''t find it in the linux-security archives. If so, please disregard. Dan ------- Forwarded Message Return-Path: cppm_reg_sysadmins-owner@fnal.gov Received: from FNAL.FNAL.Gov (fnal.fnal.gov [131.225.9.8]) by sapphire.fnal.gov (8.8.7/8.8.7) with ESMTP id LAA27322 for <yocum@sapphire.fnal.gov>; Tue, 13 Oct 1998 11:12:23 -0500 Received: from raven

This morning I discovered this in my clamav report from one of our imap servers: /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: Unix.Trojan.MSShellcode-21 FOUND I have looked at this script and it appears to be part of the nmap distribution. It actually tests for irc backdoors. IRC is not used here and its ports are blocked by default both at the gateway and on all internal hosts.

The following advisory was issued by CERT yesterday. Because it affects FreeBSD systems as well, we are forwarding it to the appropriate FreeBSD mailing lists. We would like to thanks CERT for cooperation with the FreeBSD security officer on this subject. -----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-98-13-tcp-denial-of-service Original Issue Date: December 21, 1998 Last Revised

Enjoy.... ugh. Dan ____________________________________________________________________________ Dan Yocum | Phone: (630) 840-8525 Computing Division OSS/FSS | Fax: (630) 840-6345 .~. L Fermi National Accelerator Lab | email: yocum@fnal.gov /V\ I P.O. Box 500 | WWW: www-oss.fnal.gov/~yocum/ // \\ N Batavia, IL

We had an incident recently where an openssh client and server were replaced with trojanned versions (it has SKYNET ASCII-art in the binary, if anyone's seen it. Anyone seen the source code ?). The trojan ssh & sshd both logged host/user/password, and probably had a login backdoor. Someone asked me what was their exposure if they used public/private keys instead of passwords. My

-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-21 GNU Project FTP Server Compromise Original issue date: August 13, 2003 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Overview The CERT/CC has received a report that the system housing the primary FTP servers for the GNU software project was compromised. I. Description

I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband connection. I have reason to think my system has been tampered with. Security features in Mac OS X have been left unlocked (Preference Pane - Users) even though a master lock has always been set in the Security Preference Pane. This locks all other important preference panes which could be tampered with. Also permissions have been

I know acroread is not part of CentOS but many people use it. Thought forwarding this post on the SciLinux mailing list might help those who use acroread on CentOS-4. === excerpt === The "latest" version officially compatible with RHEL4 is acroread-7.0.9, but this currently has open security holes (CVE-2007-5663 et al). http://www.adobe.com/support/security/advisories/apsa08-01.html

This is the guy that has a ton of email addresses. Almost as many as he has phone numbers. google "kvj" He doesn't like our president either: Here's look at a MISERABLE FAILURE and I use facts: George W. Bush (herein referred to as 'bushwhack') is the village idiot and he pushed a series of Trojan horses at Americans: 1) The Overtime Pay act is nothing more than a

Hi, some more info on the previous admw0rm alert. Fwd'd from BugTraq Greetings, Jan-Philip Velders ---------- Forwarded message ---------- Date: Fri, 26 Mar 1999 21:17:40 +0100 From: Mixter <mixter@HOME.POPMAIL.COM> To: BUGTRAQ@NETSPACE.ORG Subject: Re: ADM Worm. Worm for Linux x86 found in wild. The "ADM w0rm" is public and can be found at:

I am running Linux 2.0.30 (Redhat 4.2) and have recently been hacked. I have tightened up security but still feel vulnerable. In running the program mscan which was kindly left on my system I get this. bullnet.co.uk: VULN: linux box vulnerable to named overflow. 194.242.135.145: VULN: redhat linux box running imapd. This is after upgrading to the versions as below. bind-4_9_7-0

I am running CentOS 5 on a dual-dual-core Intel machine, and I am seeing a load average of between 0.35 and 0.50 while the machine is idle, i.e. no processes appear to be running. Both top and uptime report the same thing. Looking at top, I cannot see any processes that are using CPU time except for top and init, and they are not using enough cycles to push up the load average. According to

Someone I was speaking with this evening claimed they have installed the latest named rpms yet they are still getting exploited daily and being hacked. Do the latest rpm''s for the named 4.9.x stuff fix all the root exploits or is this person just an idiot who probably has holes elsewhere in the system?

As halflife demonstrated in Phrack 50 with his linspy project, it is trivial to patch any system call under Linux from within a module. This means that once your system has been compromised at the root level, it is possible for an intruder to hide completely _without_ modifying any binaries or leaving any visible backdoors behind. Because such tools are likely to be in use within the hacker

On 10/19/2016 11:34 AM, Leonard den Ottolander wrote: > Hello Gordon, > *snip* > > Personally I would be more concerned whether or not to enable ECDSA > algorithms (https://blog.cr.yp.to/20140323-ecdsa.html). > > Regards, > Leonard. > For web server ECDSA certs is currently a concern because the only curves with popular support across browsers have parameters that were