[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Automated SSH login attempts? Related Cross post from incidents.org
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: RE: [Full-Disclosure] Automated SSH login attempts? Related Cross post from incidents.org
- From: Jirka Kosina <jikos@xxxxxxxx>
- Date: Sun, 1 Aug 2004 17:49:04 +0200 (CEST)
On Fri, 30 Jul 2004, Harris, Michael C. wrote:
> We got zapped by some hackers from, I think, Romania that have a priv
> escalation exploit for Linux 2.4.20
> http://sirzion.illusivecreations.com/loginxy
This exploit really shouldn't be dangerous for any admin updating at least
once a year <g> - it is just a scriptkiddie exploit for old do_brk()
bounds check vulnerability.
--
JiKos.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html