beowabbit ([personal profile] beowabbit) wrote 2011-01-19 03:41 pm (UTC)

I don’t have the CVE links handy, but an Exim vulnerability that allows a very long header to write to any place Exim can write to, and then invoke Exim with the resulting file as a config file -- so essentially it gets you remote root. I haven’t done forensics yet on the old image, but what called my attention to it was segfaults in normal commands called out of cron, so there was clearly a rootkit on it.
