[CentOS] SSHD rootkit in the wild/compromise for CentOS 5/6?

Les Mikesell lesmikesell at gmail.com
Fri Feb 22 19:50:15 UTC 2013


On Thu, Feb 21, 2013 at 6:03 PM, Johnny Hughes <johnny at centos.org> wrote:
>
> This issue is not CentOS specific ... here is another discussion:
>
> http://www.webhostingtalk.com/showthread.php?t=1235797
>
> The issue seems to be that someone with local access elevates their
> privileges in some manner, and after they upgrade their privileges they
> are then putting a new libkeyutils*.so file on the machine.

But don't forget that what the kernel people call 'local' access
really means any bug in any network application that lets you execute
an arbitrary command even if it is non-root - and those have
historically been pretty common.

-- 
   Les Mikesell
      lesmikesell at gmail.com
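
Added example, not part of the original thread or of any CentOS tooling: one way to look for the dropped libkeyutils*.so file described above is to ask the RPM database which matching files no installed package owns, and whether the owning package still verifies. The function name and the OWNER_CMD / VERIFY_CMD hook variables are assumptions made for this example; `rpm -qf` and `rpm -Vf` are the real commands behind them.

```shell
#!/bin/sh
# Added example (not from the thread): flag libkeyutils*.so* files that no
# installed RPM owns, or whose owning package fails rpm verification.
# OWNER_CMD / VERIFY_CMD are hypothetical hooks so the logic can be exercised
# without rpm; their defaults are the real `rpm -qf` and `rpm -Vf`.
: "${OWNER_CMD:=rpm -qf}"
: "${VERIFY_CMD:=rpm -Vf}"

check_keyutils() {
    # Arguments: library directories to scan,
    # e.g. /lib /lib64 /usr/lib /usr/lib64
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/libkeyutils*.so*; do
            # An unmatched glob stays literal; skip it.
            [ -e "$f" ] || [ -L "$f" ] || continue
            if ! $OWNER_CMD "$f" >/dev/null 2>&1; then
                # No package claims this file.
                printf 'UNOWNED %s\n' "$f"
            elif ! $VERIFY_CMD "$f" >/dev/null 2>&1; then
                # The package owning this file reports a discrepancy.
                printf 'VERIFY_FAILED %s\n' "$f"
            fi
        done
    done
    return 0
}

# Run directly: sh check_keyutils.sh /lib /lib64 /usr/lib /usr/lib64
if [ "$#" -gt 0 ]; then
    check_keyutils "$@"
fi
```

An intruder who already has root can also alter the RPM database, so a clean result from the running system is one signal rather than proof; comparing against packages from trusted media is stronger.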


