Re: [SLUG] Sony-BM Rootkit:

From: Paul M Foster (paulf@quillandmouse.com)
Date: Mon Nov 14 2005 - 00:54:25 EST


On Sun, Nov 13, 2005 at 07:54:50PM -0500, steve szmidt wrote:

> On Sunday 13 November 2005 13:10, Paul M Foster wrote:
> >
> > The question is: under either one of these scenarios, could a serious
> > hacker install a rootkit, and how?
>
> The answer is that it depends primarily on if these server apps have any
> vulnerabilities. Buffer overflows etc. Can the criminal gain user rights? As
> that user can he then gain access to other s/w which has more severe flaws?
>

It's also worth noting that even though you personally may be surfing or
acting on your machine as a lowly user, there are constantly running
processes on your machine which have full or at least some root
privileges. Sendmail is a good example. There have been numerous
sendmail exploits over the years, leading to sendmail's (perhaps
undeserved) reputation as a security problem. That's one of the reasons
why programs like Postfix (another popular MTA) run with multiple
executables that do different functions, the theory being that an
exploit in one program may not gain the hacker much if that program has
limited functionality and is only one of many necessary to process
email.

Paul
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
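
The point in the message above about background processes holding full or partial root privileges can be checked on a Linux machine. The following is an added example, not part of the original post: it reads the `Uid` and `CapEff` lines of `/proc/<pid>/status` and lists processes that are not fully unprivileged. The sample status texts, the process names in them and the three category names are constructed for illustration.

```python
import os

# Constructed /proc/<pid>/status excerpts (real files carry many more fields).
SAMPLE_ROOT = "Name:\tmta-master\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SAMPLE_CAPS = "Name:\tmta-listener\nUid:\t89\t89\t89\t89\nCapEff:\t0000000000000400\n"
SAMPLE_USER = "Name:\tmta-worker\nUid:\t89\t89\t89\t89\nCapEff:\t0000000000000000\n"

def parse_status(text):
    """Turn the 'Key:<tab>value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def classify(fields):
    """Return 'root', 'partial' or 'unprivileged' for one process."""
    # Uid line order: real, effective, saved-set, filesystem.
    real, eff, saved, fs = (int(x) for x in fields["Uid"].split())
    cap_eff = int(fields.get("CapEff", "0"), 16)
    if eff == 0:
        return "root"      # simplification: euid 0 may still have dropped capabilities
    if 0 in (real, saved, fs) or cap_eff != 0:
        return "partial"   # can regain root, or holds some capability bits
    return "unprivileged"

def scan(proc="/proc"):
    """List (pid, name, level) for every process that is not unprivileged."""
    found = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "status")) as fh:
                fields = parse_status(fh.read())
            level = classify(fields)
        except (OSError, KeyError, ValueError):
            continue       # process exited mid-scan or file unreadable
        if level != "unprivileged":
            found.append((int(entry), fields.get("Name", "?"), level))
    return sorted(found)

if __name__ == "__main__":
    for pid, name, level in scan():
        print(f"{pid:>7}  {level:<8} {name}")
```
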



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:02:37 EDT