Message-ID: <Pine.GSO.4.43.0401051408590.15264-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: Patched Solaris Boxes being Hacked??

Any system this day and age to get hacked via finger, rpc and/or ftp can
not be considered to have been patched nor secured in any real manner,
thus these were exposed systems without security measures in place, and as
susceptible <almost> as any default Windows system one just got for x-mas
and exposed without patches and anti-viri software and security measures
taken to lock them down.

Thanks,

Ron DuFresne

On Mon, 5 Jan 2004, Compton, Rich wrote:

> Anyone out there have more information on ISC's reports of patched Solaris
> boxes being compromised?  Here's the quote from the Incident Handler's Diary
> for today:
>
> "Solaris 8 Hacks. We've received a few reports of significant intrusions
> into networks of patched Solaris 8 machines. Initial analysis indicates what
> appears to be a multi-vector attack, using finger, rpcbind, and ftp. In one
> network, the systems that got broken into did not have tcpwrappers installed
> nor did they have the rpcbind from Wietse Venema and Casper Dik that has
> tcpwrapper support. However, there were Solaris 8 systems in the same
> machine room that are behind on patches, but have tcp wrappers installed and
> they were not broken into. If there have been other cases of similar
> intrusions in the past few days, the Storm Center would like to hear about
> it."
>
> -Rich Compton

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

