[SWLUG] Possible SSH hole
Mark Fisher
Mark.Fisher at ftech.net
Mon May 19 15:10:49 UTC 2003
Hey,
I'm getting reports from friends on other networks that they're seeing
fully patched linux boxes with rootkits installed.
There's a thread on the Irish LUG about this
http://www.linux.ie/pipermail/ilug/2003-May/003089.html
Quick check look for
/dev/dev
/usr/share/locale/*/.sk12
Early suggestions are to run an initial sweep of chkrootkit
locally (latest version) as this spots the new breed of
rootkits which only live in kmem.
http://www.lbedford.org/debian has a backport of the latest chkrootkit
to woody for Debian users.
Rumour has it that stjude and stmichael are apparently reasonable
defenses against it http://www.wwjh.net/, I've not tested them myself.
It is starting to look like there might be a new ssh hole out there, no
confirmation on this yet
Mark
--
Regards,
Mark Fisher
Mark Fisher - Technical Support - Frontier Internet Services Limited
Tel:0870 737 3737 Fax: 029 20820038 http://www.frontier.net.uk
Statements made are at all times subject to Frontier's Terms and Conditions of Business, which are available upon request.
More information about the Swlug
mailing list