[MPlayer-dev-eng] MPHQ server maintainence, upgrade

Gabucino gabucino at mplayerhq.hu
Sun Dec 21 11:03:47 CET 2003

Birzan George Cristian wrote:
> > later due to some hidden traps. Possibly due to recent lame Linux
> > kernel vulnerability (greetz to kernel devs for not publishing details
> > much earlier).
> a) If the compromise happened on the 16th of November, and you found out
> what vulnerability was used in that attack
We didn't. We just found the sk12 rootkit.

> If you didn't find out what vulnerability was used in that attack, why
> mention it in the first place?
Because it's lame, and because 99% it was the culprit.

> b) I've searched both Google and the mailing list archives, but didn't find
> any announcement of the compromise. What happened with the box after it was
> compromised?
Nothing. rootkit removed, vulnerability not found, box running.

> Could you clarify that? What Debian bugs were used?
I guess someone has to break in first to use the brk exploit..

> 3) Could you, _PLEASE_, stop with the FUD about Debian? Really, it does
> neither side any good.
See the thread on -users

MPlayer Core Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/attachments/20031221/4c969d0d/attachment.pgp>

More information about the MPlayer-dev-eng mailing list