[PLUG] spamassassin or spamass-milter exploit

Tim tim-pdxlug at sentinelchicken.org
Tue Mar 16 19:40:28 UTC 2010


Hey Paul,

You can usually fall back on reading security mailing list archives to
get the real scoop on this stuff.  In fact, I *strongly* recommend
anyone running public services like this to be on at least one or two
advisory lists, like bugtraq or full-disclosure.  The first public
info on this, that I know of, came as a proof of concept exploit over
a week ago:
  http://seclists.org/fulldisclosure/2010/Mar/140

More info posted yesterday:
  http://seclists.org/fulldisclosure/2010/Mar/264

I hope by "clean things up" you mean you rebuilt your server from
clean media.  Once someone runs code on your box, you should never
assume you can fully shut them out again.  The Linux kernel alone
seems to have a local root hole every week, let alone all of your
setuid binaries and racy root-priv cron jobs, etc.

Good luck,
tim


