>Considering that there's an exploit big enough to drive a truck through
>for LPD on Solaris, you might want to check to see if the version that
>you have is vulnerable. LPD is really bad to run on the net and the
>recent vulnerability could be your problem.

No less than a dozen people replied personally to this post. It seems others have fallen victim to an identical exploit. Some asked if there were exploit remains left on the system. There don't appear to be. Sun Patch-ID# 109320-04 was suggested to me by a few people. One person said it may be an exploit for a different operating system, but this doesn't coincide with the idle processes I saw and confirmations by others that they were successfully attacked. The exploit remains a mystery.

I did some searches on the securityfocus website for the exploit string (if that's what you'd call it) and saw nothing of interest, at least not on Bugtraq. Was one released elsewhere?

>
>Hope your server was 1.) In a DMZ, 2.) Has tripwire and can tell you what
>changed. Otherwise, I would be _very_ wary.

Yeah, the risk of an intrusion was acknowledged when we decided to expose it and surrounding systems to the Internet. Shame on us for not using tripwire though ;-( We'll reinstall from scratch with said patch applied.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Aug 30 2001 - 10:37:41 PDT