[Pkg-exim4-users] Urgent: Can't install security update after recent exploit
ametzler at downhill.at.eu.org
Fri Dec 17 18:42:28 UTC 2010
Sebastian Tennant <sebyte at smolny.plus.com> wrote:
> I've been bitten by the recent exploit (Bug 1044 / CVE-2010-4345).
> Here are the steps I've taken so far to try and rectify the situation:
> 1. Shutdown exim4.
> 2. Removed the two attacker files /var/spool/exim4/s & /var/spool/exim4/s.c
> (both zero length at the time I discovered them and I had to 'chattr -ai'
> them before they would go away).
The next step should be: Pull the network cable, zero the hard disk,
re-install from known good media or backup. The safe assumption is to
trust nothing on the system, the hacker could have installed a
rootkit, some backdoors, etc.