recent mass Solaris and Linux attacks
Brian Kelsay
BLKELSAY at kcc.usda.gov
Wed Apr 14 19:01:28 CDT 2004
http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html
Short blurb: Lots of academic, research and High Performance computers have been compromised.
Looks to be due to kernels not being updated.
"Local user accounts are escalated to root privileges by triggering a variety of local exploits,
including the do_brk() and mremap() exploits on Linux and the sadmind, arbitrary kernel loading
modules and passwd vulnerabilities on Solaris"
If you manage machines such as these, have you updated your kernel beyond 2.4.22?
Brian Kelsay