Date:      Thu, 10 Dec 2009 03:18:38 -0600
From:      Paul Procacci <pprocacci@datapipe.com>
To:        "squirrel@isot.com" <squirrel@isot.com>
Cc:        FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>
Subject:   Re: Hacked - FreeBSD 7.1-Release
Message-ID:  <4B20BCEE.5020704@datapipe.com>
In-Reply-To: <70b530187d5c4ef4336260f6fdf72193@mail.isot.com>
References:  <70b530187d5c4ef4336260f6fdf72193@mail.isot.com>

>> But far as rtld vulnerability, doesn't it require at least a local
>> user account?

No, it requires a script and a kiddie.  ;)  You'd expect your
"index.php" (or similar) files would require a ftp/ssh/telnet
connection, but useful "kids" have useful resources 'n which these
things are not always required.

Anyone can execute any code (apparently) on your machine via the
exploit, having anything they want running on your machine (i.e. they
can set their env to whatever they want and get access to your machine
pre -p5).

Your safest bet, especially since you weren't patched to the latest
FreeBSD version which includes the rtld patch, is to simply not trust
your machine at all, regardless of whether you are patching it now or
not.  I'd personally save your data, reformat the machine, and reinstall
the items you need.

~Cheers
