What could a regular user do with a .rpmdb directory uploaded?
- From: francis picabia <fpicabia@xxxxxxxxx>
- Date: Wed, 6 Jun 2012 12:20:51 -0300
I think I've found a compromised user account.
This is on Debian but alien is installed. The attackers have
not made a move yet, but have done some tests and kept
their connections to scp/sftp to be unnoticed by last.
There is a directory .rpmdb uploaded to their home
directory. How could this be used to set up their
software? I mean, is there a special angle they
are aiming at which achieves a result they would
not have realized by only using make on their sources?