Gentoo Archives: gentoo-security

From: Javier Barrio <coder@×××××.org>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Strange occurrence of sendmail and disk I/O in background....
Date: Tue, 19 Feb 2008 12:19:29
Message-Id: 20080219131453.6ff25af1@jbarrio.inet.s2k
In Reply to: [gentoo-security] Strange occurrence of sendmail and disk I/O in background.... by "Christopher P. Kern"
> I found vulnerabilities associated with a lower version of > sendmail but none with the version I've installed right now. > > Any suggestions, ideas, or explanations are welcomed.
It seems you could be owned by someone, maybe due to a combination of a web-app vulnerability which led to an apache shell which led to a kernel exploit execution, which led to root, which led to executing whatever, in that case, making your machine to be a spammer zombie or so. You know, the usual shit nowadays. Run the usual tools, chkrootkit, rkhunter, etc. Good luck. -- echo "dpefsAgmv{p/psh" | perl -pe 's/(.)/chr(ord($1)-1)/ge' GnuPG key ID 0x6D2FF8B5 @ pgp.rediris.es http://www.fluzo.org/ <º ))))><

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-security] Strange occurrence of sendmail and disk I/O in background.... Michael W Spitzer <mwspitzer@×××××.com>