Hi all,

Just to let you know, if you haven't seen already, that Realserver 7,8,9 remote exploit for Linux and Windows has been released.

You can find more information at:

http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html

And the exploit at:

http://www.k-otik.com/exploits/08.25.THCREALbad.c.php

Regards,

Bojan Zdrnja

> -----Original Message-----
> From: Alexander Reelsen [mailto:refat_private]
> Sent: Wednesday, 20 August 2003 11:46 p.m.
> To: incidentsat_private
> Subject: Re: possible 0-day exploit for latest Real-/Helixserver 9.0.2.794
>
> Hello
>
> On Tue, Aug 19, 2003 at 07:55:02PM -0000, Brian Benitez wrote:
> > can anyone confirm if this exploit would work on a FreeBSD Helix
> > server? We have been having unexplained spontaneous restarts
> > for a while now, but as of August 17th they've been accompanied
> > by the behavior of not writing the access log after the restart.
> I cannot confirm this. The only systems being exploited I have seen so far
> were RedHat and Debian GNU/Linux systems on x86. Furthermore the suckit
> rootkit, a rootkit modifying /dev/kmem instead of using modules to change
> system calls, was installed. This also won't work on freebsd I guess.
>
> In addition, the exploit for the helix server (on one system there were
> no other services which were not blocked by the firewall, internal hacking
> can be ruled out, so it somehow has to be the helix stuff at least to get
> partly in) was not found.
> Both systems were used for further hacking (which was caught by the IDS as
> outgoing traffic was detected).
>
> > We haven't found any obvious rootkit signs, but we're still looking
> > into it. If anyone knows about any other symptomatic behavior
> > related to this problem, I'd love to hear about it.
> Reading this thread it seems to be the unintended restart of the helix
> server...
>
>
> MfG/Regards, Alexander
>
> --
> Alexander Reelsen   http://tretmine.org
> refat_private
This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 08:39:09 PDT