Re: !SPAM! [Full-Disclosure] Automated ssh scanning

On Fri, 27 Aug 2004, andreas@inferno.nadir.org wrote:

> Richard,
>
> if you have another spare box, just install it like the first one
> and try all the exploits you got from the intruder.
> You have most likely a complete history file, so where's the problem?
> Remember, one of these binaries seems to be infected with RST, so erase
> that box afterwards..;)
> After that we hopefully can get rid of this thread...

I have checked today dist-upgraded debian sarge, with *default* kernel
(2.4.18-bf2.4), and it is still *vulnerable* to do_brk, kmod, and
ptrace exploits.

This kernel seems to be *not* patched since 2002.

-- 
..... Robert Jaroszuk - zim iq pl - [ IQ PL Sp. z o.o. ] .....
GCS/IT/O d? s: a-- C++ ULB++++$ P+ L++++$ E--- W- K- N+ DI+ V-
w M- PS+ PE Y(+) PGP-(+++) t-- 5? X- R tv-- b++>++++ D- y+ G++
.. http://zim.iq.pl/ . RJ735-RIPE . http://zim.iq.pl/photo/ ..
... The superior warrior wins without fighting -- Sun Tzu. ...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html