[SunRescue] Cracked!
Jonathan Katz
rescue at sunhelp.org
Sat May 12 09:40:03 CDT 2001
Hi!
There've been a *lot* of hacks out there based on the
following buffer overflow exploits:
snmpXdimd/snmpdx/dmispd (2 months old)
sadmind (2 years old, but there is a worm which
takes advantage of this now)
rpc.yppasswd (1 week old)
Making sure all these daemons are disabled will
definitely make your box more secure. Running
things like 'strings' on ls and on any backdoor
daemons may give you hints as to who wrote the
code and where it came from.
The other trick is to set
noexec_user_stack = 1
noexec_user_stack_log = 1
in /etc/system
It essentially doesn't let buffer overflows execute
unless someone *really* knows what they're doing. Most
script kiddies won't know their way around it.
The real key is hardening your box-- turning off stuff
you don't need.
-Jon
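
An added example, not part of the original message: a small shell audit that checks whether an /etc/system-style file actually has both noexec_user_stack settings active, catching the common cases where a line is missing or commented out. The function names tunable_values and check_noexec and the sample file are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an /etc/system-style file
# for the two tunables named in the message.
# '*' starts a comment line; tunables are assigned as "set name=value".

# tunable_values FILE NAME -> print every value assigned to NAME, one per line
tunable_values() {
    awk -v name="$2" '
        /^[ \t]*\*/ { next }              # commented-out lines do not count
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            gsub(/[ \t]/, "", line)       # this checker tolerates "name = 1"
            if (split(line, kv, "=") == 2 && kv[1] == name) print kv[2]
        }
    ' "$1"
}

# check_noexec FILE -> status 0 only if both tunables are present and all set to 1
check_noexec() {
    rc=0
    for name in noexec_user_stack noexec_user_stack_log; do
        vals=$(tunable_values "$1" "$name")
        if [ -z "$vals" ]; then
            echo "MISSING  $name"
            rc=1
            continue
        fi
        for v in $vals; do
            case $v in
                1|0x1) echo "OK       $name=$v" ;;
                *)     echo "WEAK     $name=$v"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed sample: stack protection is on, but the logging line is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* Constructed /etc/system fragment for this example
set noexec_user_stack = 1
* set noexec_user_stack_log = 1
EOF
check_noexec "$sample" || echo "=> $sample needs both settings active"
rm -f "$sample"
```

On a real host, run `check_noexec /etc/system`; changes to that file only take effect after a reboot.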