Fedora Users — FC2 unpatched, critical vulnerabilities?

FC2 unpatched, critical vulnerabilities?

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: fedora-list@xxxxxxxxxx

Subject: FC2 unpatched, critical vulnerabilities?

From: Lorenzo Musizza <lmusizza@xxxxxxxxx>

Date: Mon, 17 Jan 2005 16:04:00 +0100

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=CdDe/wa/iAO53DHcGtP1G94G1xSi+7C01tv4HC1DWCCiJ5kBydMbXiAWzMEwPswm5c3f2elroae4j06srT+oFW7En25Aa0JE5+Q9YYY/TPZd72MP7vA8937llLkaI8ekLp9wEmc8YafujRS3lrOxTGkAaK8cOdCXw7MldZB3ewM=

List-archive: <https://www.redhat.com/archives/fedora-list>

List-help: <mailto:[email protected]?subject=help>

List-id: For users of Fedora Core releases <fedora-list.redhat.com>

List-post: <mailto:[email protected]>

List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>

List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>

Reply-to: Lorenzo Musizza <lmusizza@xxxxxxxxx>, For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

Hi all,
one of my friends just had his FC2 based simple mailserver (with no
3rd party software and only smtp/pop/imap services running) hacked.
He told me that he noticed something strange seeing an unknown ip
address in the "Last login from" when logged in as root. Then he
changed the root password and waited: the same ip showed up in the
secure log as a failed login attempt but after only 5 seconds the logs
said ssh root login was successful.
My friend admitted he never patched the server with updates, and I
know allowing root ssh login is not recommended, but still I am a
little surprised.
Which are the most important vulnerabilities than can lead to a root
remote login on a plain FC2 box?
Thanks in advance,

Luciano