What could a regular user do with a .rpmdb directory uploaded?
- From: francis picabia <fpicabia@xxxxxxxxx>
- Date: Wed, 6 Jun 2012 12:20:51 -0300
I think I've found a compromised user account.
This is on Debian but alien is installed. The attackers have
not made a move yet, but have done some tests and kept
their connections to scp/sftp to be unnoticed by last.
There is a directory .rpmdb uploaded to their home
directory. How could this be used to set up their
software? I mean, is there a special angle they
are aiming at which achieves a result they would
not have realized by only using make on their sources?
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx