Debian attacker may have used new exploit

Robert Brockway robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at
Tue Dec 2 19:17:24 UTC 2003

On Tue, 2 Dec 2003, Justin Zygmont wrote:

> what I don;t understand about this, is how could they know that this was
> the exploit the hacker used, what if there is something else?

I believe the attacker left some clues such as binaries lying around and
these were reverse engineered, revealing the exploit.  I understand the
Redhat & Suse security teams worked with the Debian developers on this

It isn't impossible that there is another exploit but I consider it
unlikely.  Occam's Razor suggests it is likely only one exploit was used.
If I leave the front door open and the back door open a burglar will
probably only enter through one of them.  The burglar may not even
discover the other is open.

There might be other exploits on the Debian servers but that is as likely
to be the case as on any other box.  A properly patched box shouldn't have
any known security problems.


Robert Brockway B.Sc. email: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at, zzbrock at
Linux counter project ID #16440 (
"The earth is but one country and mankind its citizens" -Baha'u'llah
The Toronto Linux Users Group.      Meetings:
TLUG requests: Linux topics, No HTML, wrap text below 80 columns

More information about the Legacy mailing list