On Fri, 07 Jul 2000 12:46:12 PDT, "K. Graham" <kgraham@ican.net> said:
This exploit was used on us and we would like to remove any likelihood of others being compromised. The exploit is in the hands of the people at rootshell.
Umm.. is this a *new* exploit that the rootshell people have been given, but isn't in general circulation yet? If it's already available at rootshell, you should assume that every script kiddie on the planet has a copy, and start patching your systems. Unless you've been VERY lucky and are one of the first dozen or so machines to have been targeted by a brand-new exploit, removing the copy that's at earthlink is just urinating into the wind. Note - this is *NOT* saying that the Earthlink machine doesn't need cleaning up - just that the *exploit* is almost certainly widespread enough that removal of the one copy won't change the fact it's out there and will be used on others. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech