Re: [Fwd: [BUGTRAQ] Big problem on 2.0.x?]
On Fri, Dec 10, 1999, Omer wrote about "[Fwd: [BUGTRAQ] Big problem on 2.0.x?]":
> This was posted to BugTraq today, and it seemed
> important enough to pass on (even though if you are
> a sysadmin and do not regularly read BT, you might
> deserve what you get).
>
> It's what I'd call a HUGE problem, not
> merely a big problem (unless of course you have
> no local users). In any case, I'd chmod u-s /bin/ping
> immediately, and be careful not to ping as root (if
> you're not sure you're up to it, better make it
> chmod 000 /bin/ping :)
>..
>
I think that under most setups this is not such a "HUGE" problem. This
is indeed a big problem for a site with hundreds of curious shell users,
who like to try out if this indeed reboots the machine (remember the
Pentium lockup bug?). On machines used personally or as web servers, all
this bug means is that if someone can break into a regular account on your
server, then they reboot your machine, causing what is known as a DoS, a
Denial-of-Service attack because they can repeatedly reboot your machine.
DoS attacks can be a big problem for some sites (e-commerce sites, or fbi.gov)
but much less to most sites, or to your home PC.
A much scarier scenario, in my opinion, is that the intruder gains superuser
access (through bugs and loopholes in your system), or even worse: if someone
can break into your machine remotely, without even having to break into an
account on your machine (e.g., by using a bug in your FTP server, perhaps).
Both these types of attacks are common, are announced frequently on bugtraq,
and I've personally seen them happen twice (most sysadmins simply are unaware
that their machines have been broken into), and caught (in time) an attempt
to break into my home Linux machine connected through PPP (!). Now these are
HUGE problems.
--
Nadav Har'El | Friday, Dec 10 1999, 2 Tevet 5760
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Cats know what we feel. They don't care,
http://nadav.harel.org.il |but they know.
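The mitigation suggested in the quoted message is to drop the setuid bit from /bin/ping. The following script is an added example (not from the thread, and not from any of its participants) showing how an administrator can check whether a binary carries the setuid bit, apply `chmod u-s`, and verify the result; it also generalizes to listing every setuid-root file under a directory so the same check can be run across a system. The function names and the temporary file used in the demo are assumptions made for this example; the demo deliberately works on a constructed temporary file rather than touching the real /bin/ping.

```shell
#!/bin/sh
# Added example, not part of the original mailing-list post.
# Helpers for auditing setuid binaries and applying the "chmod u-s"
# mitigation discussed in the thread.

# has_setuid PATH
#   Returns 0 (true) if the setuid bit is set on PATH, 1 otherwise.
has_setuid() {
    [ -u "$1" ]
}

# list_setuid_root DIR
#   Prints every regular file under DIR (staying on one filesystem)
#   that is owned by root and has the setuid bit set.
list_setuid_root() {
    find "$1" -xdev -type f -user root -perm -4000 2>/dev/null
}

# drop_setuid PATH
#   Clears the setuid bit (the mitigation from the thread) and returns 0
#   only if the bit is really gone afterwards.
drop_setuid() {
    chmod u-s "$1" || return 1
    if has_setuid "$1"; then
        return 1
    fi
    return 0
}

# demo
#   Exercises the helpers on a constructed temporary file (hypothetical
#   stand-in for /bin/ping) so the script is safe to run anywhere.
demo() {
    tmp=$(mktemp) || return 1
    chmod 4755 "$tmp"                     # make it setuid, like a stock ping
    if has_setuid "$tmp"; then
        echo "setuid bit is set on $tmp"
    fi
    if drop_setuid "$tmp"; then
        echo "setuid bit cleared on $tmp"
    else
        echo "failed to clear setuid bit on $tmp"
    fi
    rm -f "$tmp"
}

# Uncomment to run the demo and to audit the real system:
# demo
# list_setuid_root /
```

Running `list_setuid_root /` as root gives the inventory an administrator needs before deciding which setuid programs (ping among them) ordinary users actually require; `drop_setuid` then applies and verifies the change on each path chosen.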