1 |
On Monday 02 Aug 2004 21:46, Bryan O'Shea wrote: |
2 |
> On Mon, 2 Aug 2004, Dan Margolis wrote: |
3 |
> > --[PinePGP]--------------------------------------------------[begin]-- |
4 |
> > I should point out that this in no way confirms OpenSSH to be vulnerable. |
5 |
> > |
6 |
> > Do you run a webserver, perhaps with PHP or other risky server-side |
7 |
> > scripts enabled? Do you run any other services that may be a security |
8 |
> > risk (mail, database, etc)? Have you ever logged in remotely over an |
9 |
> > insecure connection or from a public access computer? |
10 |
> |
11 |
> These are the network daemons it is running. |
12 |
> |
13 |
> from portage tree: |
14 |
> openssh 3.8.1_p1-r1 |
15 |
> postfix 2.1.1 |
16 |
> |
17 |
> source install: |
18 |
> tpop3d 1.4.2 |
19 |
> |
20 |
> I don't log into the server from any public network/computer. |
21 |
> |
22 |
> |
23 |
> -- |
24 |
> gentoo-security@g.o mailing list |
25 |
|
26 |
-- |
27 |
Have you run a rootkit scanner on this box? For example chkrootkit. |
28 |
|
29 |
Regards |
30 |
|
31 |
Colin |