Date: Thu, 10 Dec 2009 12:17:04 +0200 From: Markiyan Kushnir <mkushnir@lohika.com> To: "squirrel@isot.com" <squirrel@isot.com> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org> Subject: Re: Hacked - FreeBSD 7.1-Release Message-ID: <4B20CAA0.5030409@lohika.com> In-Reply-To: <4B20BCEE.5020704@datapipe.com> References: <70b530187d5c4ef4336260f6fdf72193@mail.isot.com> <4B20BCEE.5020704@datapipe.com>
next in thread | previous in thread | raw e-mail | index | archive | help
As long as you have to re-install everything from scratch, you can consider installing 8.0 and having your services jailed. The new jail is announced to be much improved. Markiyan. Paul Procacci wrote: > >> But far as rtld vulnerability, doesn't it require at least a local > user account? > > No, it requires a script and a kiddie. ;) You'd expect your > "index.php" (or similar) files would require a ftp/ssh/telnet > connection, but useful "kids" have useful resources 'n which these > things are not always required. > > Anyone can execute any code (apparently) on your machine via the > exploit, having anything they want running on your machine, (i.e. that > can set their env to whatever they want and get access to your machine > pre -p5. > > Your safest bet especially since you weren't patched to the latest > FreeBSD version which includes the rtld patch, is to simply not trust > your machine at all; regardless of whether you are patching it now or > not. I'd personally save your data, reformat the machine, and reinstall > the items you need. > > ~Cheers > > This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/emaildisclaimer.aspx for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B20CAA0.5030409>