Hacked - FreeBSD 7.1-Release

Markiyan Kushnir mkushnir at lohika.com
Thu Dec 10 10:28:06 UTC 2009

As long as you have to re-install everything from scratch, you can 
consider installing 8.0 and having your services jailed. The new jail is 
announced to be much improved.


Paul Procacci wrote:
>  >> But far as rtld vulnerability, doesn't it require at least a local
> user account?
> No, it requires a script and a kiddie.  ;)  You'd expect your
> "index.php" (or similar) files would require a ftp/ssh/telnet
> connection, but useful "kids" have useful resources 'n which these
> things are not always required.
> Anyone can execute any code (apparently) on your machine via the
> exploit, having anything they want running on your machine, (i.e. that
> can set their env to whatever they want and get access to your machine
> pre -p5.
> Your safest bet especially since you weren't patched to the latest
> FreeBSD version which includes the rtld patch, is to simply not trust
> your machine at all; regardless of whether you are patching it now or
> not.  I'd personally save your data, reformat the machine, and reinstall
> the items you need.
> ~Cheers
> This message may contain confidential or privileged information.  If you are not the intended recipient, please advise us immediately and delete this message.  See http://www.datapipe.com/emaildisclaimer.aspx for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"

More information about the freebsd-stable mailing list