[plug] MS vulnerability

James Devenish devenish at guild.uwa.edu.au
Fri Aug 15 20:10:31 WST 2003


In message <3F3C940D.3000005 at postnewspapers.com.au>
on Fri, Aug 15, 2003 at 04:04:29PM +0800, Craig Ringer wrote:
> As for the best firewall choice: Debian :-)

Your spell checker doesn't seem to work. It's spelled "OpenBSD" ;)

In message <3F3CA17A.7010001 at jensz.id.au>
on Fri, Aug 15, 2003 at 05:01:46PM +0800, Ben Jensz wrote:
> Debian didn't stop GNU's web server from being gotten into :)
> 
> http://zdnet.com.com/2100-1105_2-5063658.html  (thanks to Kai for the link)

The violation was caused by a kernel vulnerability that was available
only to local users -- it wasn't distribution-specific and I don't know
how a "firewall" you protect you from a kernel attack by users that are
allowed to log into the affected host! (Not trying to defend Debian or
say "you're wrong" or anything -- just trying to clarify that this was
not an FTP daemon exploit.)

In message <200308151711.05052.quintin at arach.net.au>
on Fri, Aug 15, 2003 at 05:11:05PM +0800, Quintin Lette wrote:
> yes, I would agree they are running debian :)
> quin at dugite:~$ lynx -head -dump http://www.gnu.org

The affected host was the one used for ftp.gnu.org

In message <200308151711.05052.quintin at arach.net.au>
on Fri, Aug 15, 2003 at 05:11:05PM +0800, Quintin Lette wrote:
> they aren't as up to date as my debian system either...
[...]
> which is where the main problem really lies... a system is only as good as 
> its system administrator, and how up to date he keeps it, and whether or not 
> he applies the patches.

The FSF says that a Linux (kernel) patch was not available at the time
the break-in occurred. (Again, I'm just trying to clarify the
circumstances.)




More information about the plug mailing list