Thwarted Linux backdoor hints at smarter hacks
Kevin Poulsen, SecurityFocus 2003-11-06

Software developers on Wednesday detected and thwarted a hacker's scheme to submerge a slick backdoor in the next version of the Linux kernel, but security experts say the abortive caper proves that extremely subtle source code tampering is more than just the stuff of paranoid speculation.

Thwarted Linux backdoor hints at smarter hacks 2003-11-11
Cid Skid the Former Script K1d (3 replies)
All of the comments listed here are quite ridiculous. First off, the backdoor was a local privilege escalation vulnerability, so if a server is already compromised it could have led to root on such server. Most production web servers/schools/the majority of computers on the net aren't going to be much of a problem for even a moronic attacker to get root on, as the urgency is not really for patch implementation, and system admins, at least good ones, aren't going to randomly update something which will take down the box unless they feel it is completely necessary. Any remote compromise these days and in the past (excluding certain systems which were properly levelled off/conforming to a higher security model, B1 etc.) has been and should be considered a full compromise of the box. Since the introduced vulnerability is local, this would not lead to mass loads of compromised internet systems, nor, as someone here wrote, "widespread distribution of cc's across the internet". If it had not been caught it would likely remain undetected until someone randomly found it through a complete and detailed kernel audit. This kind of thing doesn't happen every day: a formula of the few people that can actually do a decent auditing job, and the luck of their source choice (wouldn't most of them be searching for remote vulnerabilities anyway?).

The question you should ask yourself is why this particular vulnerability was introduced. Which systems was this guy going after, if any? (If not any systems in particular, it was probably done as something holding a certain coolness factor.) Which machines on the net have fairly anal local security policies and employ enough remote access that passwords are ill-begotten (ssh trojan/keyloggers etc.)? The answer seems to point to shell servers, hosts used by "underground groups", hackers' boxes, boxes people use to irc, and development servers (silly developers giving everyone access to your systems).
The boxes employed by this group of people are probably going to have several users, and are probably implementing higher levels of individual security and scrutiny. Does this vulnerability not fit this model perfectly?

Actually thinking out the ramifications and intentions of a person's actions seems to be a foreign thought in the computer security field. I've heard this breach called an act of terrorism, when it seems like nothing more than a prank. Nothing seems to give security people kicks like scaring the general public, eh?

- Cid

cid_skid_formersk (at) yahoo (dot) com [email concealed]


Link to this comment: http://www.securityfocus.com/comments/articles/7388/23612#23612
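The article says only that the tampering was "extremely subtle" and that the result was a local privilege escalation; it does not show the change. The following is an added illustration, written for this page and not taken from the article, the comment, or the kernel, of the general class of one-character tampering that fits that description: a privilege check whose comparison `==` is turned into an assignment `=`. The `struct task`, `MAGIC_OPTIONS`, and function names are hypothetical, as is the crude line scanner, which is the kind of check a reviewer would run over a diff to catch a bare `=` inside an `if` condition.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical credential record for the example; not the kernel's struct. */
struct task {
    unsigned int uid;   /* 0 means root */
};

/* Hypothetical caller-controlled option bits that gate the check. */
#define MAGIC_OPTIONS 0x3u

/* Legitimate form: a comparison. Never modifies uid. */
bool check_legit(struct task *t, unsigned int options)
{
    if ((options == MAGIC_OPTIONS) && (t->uid == 0))
        return true;            /* only root with these options passes */
    return false;
}

/* Tampered form: one '=' removed. (t->uid = 0) assigns root and
 * evaluates to 0, so the branch is never taken, nothing is logged or
 * returned differently, but the caller's uid is now 0. Any local user
 * who can supply MAGIC_OPTIONS becomes root silently. */
bool check_tampered(struct task *t, unsigned int options)
{
    if ((options == MAGIC_OPTIONS) && (t->uid = 0))
        return true;
    return false;
}

/* Drivers that start from an unprivileged uid and report the uid afterwards. */
unsigned int legit_uid_after(unsigned int options)
{
    struct task t = { .uid = 1000 };
    (void)check_legit(&t, options);
    return t.uid;
}

unsigned int tampered_uid_after(unsigned int options)
{
    struct task t = { .uid = 1000 };
    (void)check_tampered(&t, options);
    return t.uid;
}

/* Audit heuristic (constructed for this example, not a parser): returns
 * true if the first "if (...)" on the line contains a bare '=' that is
 * not part of "==", "!=", "<=" or ">=". Good enough to flag the pattern
 * above in a diff; a real audit would use the compiler's AST. */
bool condition_has_assignment(const char *line)
{
    const char *p = strstr(line, "if");
    if (!p)
        return false;
    p = strchr(p, '(');
    if (!p)
        return false;

    int depth = 0;
    for (; *p; p++) {
        if (*p == '(') {
            depth++;
        } else if (*p == ')') {
            if (--depth == 0)
                break;                  /* end of the condition */
        } else if (*p == '=' && depth > 0) {
            char prev = p[-1];          /* valid: we are past the '(' */
            char next = p[1];
            if (next == '=') {          /* "==" */
                p++;
                continue;
            }
            if (prev == '!' || prev == '<' || prev == '>')
                continue;               /* "!=", "<=", ">=" */
            return true;                /* bare assignment in a condition */
        }
    }
    return false;
}

int main(void)
{
    /* Constructed sample lines, as they might appear in a patch. */
    const char *clean   = "    if ((options == MAGIC_OPTIONS) && (t->uid == 0))";
    const char *tampered = "    if ((options == MAGIC_OPTIONS) && (t->uid = 0))";

    printf("legit:    uid after = %u\n", legit_uid_after(MAGIC_OPTIONS));
    printf("tampered: uid after = %u\n", tampered_uid_after(MAGIC_OPTIONS));
    printf("scan clean:    %s\n", condition_has_assignment(clean) ? "FLAG" : "ok");
    printf("scan tampered: %s\n", condition_has_assignment(tampered) ? "FLAG" : "ok");
    return 0;
}
```

The extra parentheses matter: GCC's `-Wparentheses` (enabled by `-Wall`) warns on `if (x = 0)` but stays silent on `if ((x = 0))`, so wrapping the assignment in its own parentheses, as the tampered line does, keeps the build clean. That is why a change like this has to be caught by review or by an explicit scan of conditions rather than by compiler warnings.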

Copyright 2007, SecurityFocus