>Maybe not all that much. This is one of my major fears about this bug, and
>a concern I've had for a long time about socks (and itelnet and other such
>tools that initiate connections through a firewall). An intruder who
>reached a system inside a firewall, just once, could install a cron job
>that, at a particular time every night, initiated a telnet connection to a
>high-numbered port on an outside site, and exec'd a shell if the connection
>(contractor or permanent employee) has left. (Though admittedly, there's
>only a tiny chance of this actually becoming a problem).
-rw-r--r-- 1 mark 813 Oct 20 02:03 wormcli.c
You mean ^^^ that file? It does precisely that.. you can run it via a .forward
or a cron, the former being less obvious. It's designed to self-install
with the right buggy sendmail...
The programs and bugs are out there.. it's up to the people that need to know
to have the knowledge of how to fix the bugs or else security everywhere is
reduced to humour for the black hats out there. Drop this "they'll find out"
crap and speak your mind because sure as Im sitting here, they already know,
probably before you did.
P.S. I've had that program for several years... it aint new.
P.P.S. I have removed the file from the system now. Dont ask for it. Sigh.