[Pkg-exim4-users] Urgent: Can't install security update after recent exploit

Andreas Metzler ametzler at downhill.at.eu.org
Fri Dec 17 18:42:28 UTC 2010


Sebastian Tennant <sebyte at smolny.plus.com> wrote:
> I've been bitten by the recent exploit (Bug 1044 / CVE-2010-4345).

> Here are the steps I've taken so far to try and rectify the situation:

> 1. Shutdown exim4.

> 2. Removed the two attacker files /var/spool/exim4/s & /var/spool/exim4/s.c
>    (both zero length at the time I discovered them and I had to 'chattr -ai'
>    them before they would go away).
[...]


Hello,

the next step should be: Pull the network cable, zero the harddisk,
re-install from known good media or backup. The safe assumption is to
trust nothing on the system, the hacker could have installed a
rootkit, some backdoors, etc.

cu andreas



