j*****o Posts: 320 | 1
New Redhat 7.0, never patched before. Today, I found a new account with uid 0.
Here is the /var/log/messages. This looks like an overflow bug.
I don't know which program has this bug. Can anyone give a hint?
Thank you.

D****N Posts: 430 | 2
If it's the never-patched Redhat, you're vulnerable to the so-called Ramen worm. Looks like the user from 212.179.162.109 has already got access to your machine through the security hole from LPRng or wu-ftpd.
Go get the patch as soon as possible from http://www.redhat.com/support/errata/
A complete reinstall is the safest option for you now. Then patch up the system (every one is recommended.. :( that's a lot I know) and disallow incoming requests using tcp wrappers for all but trusted IPs.

j*****o Posts: 320 | 3
Yes, it looks like LPRng.
Thank you.
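
An added example, not part of the thread: a shell check for the symptom the original poster reported, an account other than root with UID 0 in a passwd-format file. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# List every account in a passwd-format file whose UID is 0, other than "root".
# Usage: extra_uid0 [file]   (defaults to /etc/passwd)
extra_uid0() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        # "0", "00", "000" ... are all matched as UID 0, not only a literal "0"
        $3 ~ /^0+$/ && $1 != "root" { print $1 }
    ' "${1:-/etc/passwd}"
}

# Constructed sample data (not from the thread): the legitimate root entry,
# two ordinary accounts, and two planted UID-0 accounts.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
# local users
alice:x:500:500:Alice:/home/alice:/bin/bash
backdoor:x:0:0::/:/bin/sh
svc:x:00:0::/tmp:/bin/sh
EOF
}

# Run the check against the constructed sample and print the flagged names.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    extra_uid0 "$tmp"
    rm -f "$tmp"
}

audit_sample
```

On a host that is already suspected of compromise, run the check against a copy of the passwd file from trusted media, since the installed tools may have been replaced.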