Date: Mon, 09 Dec 2013 22:11:08 -0800
From: "Jason C. Wells" <jcw@speakeasy.net>
To: fbsd_chat <freebsd-chat@freebsd.org>
Subject: Rooted
Message-ID: <52A6B07C.5050606@speakeasy.net>

For the second time in my life I've been rooted. I found a barbut.bsd.core file and a talkng file in my /root directory. Barbut is some sort of binary that a webserver hack seems to download and run after a broken module provides access. That's bothersome enough.

But the very bothersome part is that I do not run any services on this box beyond what is needed to provide packet filtering and ftp-proxy. I have all accounts disabled. I only log in after booting to single user mode on the console.

I'm looking at the security advisories and I don't see one that seems to apply to my 8.2 system in my configuration. So, short of an exploit in the network stack, pf, and ftp-proxy, what is a possible attack vector?

Regarding the security advisory lingo, does "unprivileged user" mean a remote attacker? Most (all?) of the advisories seem to involve local exploits or exploitable services.

Regards,
Jason C. Wells