Ask for help - 未名空间MITBBS历史存档

国际科技财经博客移民网络热点娱乐民生时事公众号

Redian新闻

>未名空间

>Security - 系统安全

Ask for help

Ask for help# Security - 系统安全

j*o2001-02-06 08:02

1 楼

New Redhat 7.0, never patched before. Today,
I found a new account with uid 0.
Here is the /var/log/messages. This looks like a overflow
bug.
I don't know which program has this bug. Can anyone
give a hint?
Thank you.

D*N2001-02-06 08:02

2 楼

If it's the never-patched Redhat you're vulunerable to the so-called
Ramen worm.. Looks like the user from 212.179.162.109 has already got
access to your machine thro the security hole from LPRng or wu-ftpd
Go get the patch as soon as possible from http://www.redhat.com/support/errata/
A complete reinstall is the safest option for you now. Then patch up
the system (every one is recommended.. :( that's a lot I know) and
disallow incoming requesting using tcp wrappers for all but trusted
ips.

【在 j*****o 的大作中提到】

: New Redhat 7.0, never patched before. Today,
: I found a new account with uid 0.
: Here is the /var/log/messages. This looks like a overflow
: bug.
: I don't know which program has this bug. Can anyone
: give a hint?
: Thank you.

j*o2001-02-06 08:02

3 楼

Yes, It looks like LPRng.
Thank you.

【在 D****N 的大作中提到】

: If it's the never-patched Redhat you're vulunerable to the so-called
: Ramen worm.. Looks like the user from 212.179.162.109 has already got
: access to your machine thro the security hole from LPRng or wu-ftpd
: Go get the patch as soon as possible from http://www.redhat.com/support/errata/
: A complete reinstall is the safest option for you now. Then patch up
: the system (every one is recommended.. :( that's a lot I know) and
: disallow incoming requesting using tcp wrappers for all but trusted
: ips.