Date: Tue, 24 Jul 2001 11:27:46 +1000 (EST)
From: Andy Farkas <andyf@speednet.com.au>
To: <security@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:49.telnetd (fwd)
Message-ID: <Pine.BSF.4.33.0107241127180.56024-100000@backup.af.speednet.com.au>

On Mon, 23 Jul 2001, FreeBSD Security Advisories wrote:

> Topic: telnetd contains remote buffer overflow

Well, hate to say this, but several of my systems were cracked into. No need to say any more, it was all my fault...

Anyways, there was a process running called 'mingetty' with a zombie /bin/sh right after it... the file was added to /usr/bin and given a time/datestamp similar to the other files to make it look like it was installed with the system ... a line was also added to /etc/rc to start it up on reboot...

Heaven knows what else they did, but I just thought I'd send a heads-up, as this was a fairly obvious hack to spot...

Bad Andy. No cookie.

--

:{ andyf@speednet.com.au

Andy Farkas
System Administrator
Speednet Communications
http://www.speednet.com.au/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
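
A check for the two traces described in the message above (a backdated file in /usr/bin and a matching start-up line in /etc/rc), as an added example that is not part of the original e-mail. It is a heuristic: the function names, the 7-day slack and the sample records are assumptions constructed for illustration.

```python
import os
import statistics
import sys

DAY = 86400

def scan_dir(path):
    """Collect (name, mtime, ctime) for every regular file in path."""
    records = []
    with os.scandir(path) as entries:
        for e in entries:
            if e.is_file(follow_symlinks=False):
                st = e.stat(follow_symlinks=False)
                records.append((e.name, st.st_mtime, st.st_ctime))
    return records

def ctime_outliers(records, slack=7 * DAY):
    """Names whose mtime matches the directory's median but whose ctime is
    much later. Backdating mtime with touch/utimes resets ctime to the
    current time, so a planted file keeps a recent ctime."""
    if len(records) < 3:
        return []
    med_m = statistics.median(m for _, m, _ in records)
    med_c = statistics.median(c for _, _, c in records)
    return sorted(n for n, m, c in records
                  if abs(m - med_m) <= slack and c - med_c > slack)

def rc_hits(rc_text, names):
    """(line number, line) for startup-script lines that run a flagged name."""
    hits = []
    for no, line in enumerate(rc_text.splitlines(), 1):
        code = line.split("#", 1)[0]  # ignore comments
        if any(os.path.basename(tok.strip("&;'\"")) in names for tok in code.split()):
            hits.append((no, line.strip()))
    return hits

# Constructed sample: three files from the install, one planted, one real later install.
T0 = 990000000
SAMPLE = [("ls", T0, T0 + 60), ("cat", T0, T0 + 60), ("vi", T0 + 10, T0 + 61),
          ("mingetty", T0 + 5, T0 + 70 * DAY),
          ("newtool", T0 + 70 * DAY, T0 + 70 * DAY)]
SAMPLE_RC = "# constructed rc fragment\n/usr/sbin/syslogd -s\n/usr/bin/mingetty &\n"

if __name__ == "__main__":
    directory = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    rc_path = sys.argv[2] if len(sys.argv) > 2 else "/etc/rc"
    flagged = ctime_outliers(scan_dir(directory))
    with open(rc_path, errors="replace") as fh:
        for no, line in rc_hits(fh.read(), set(flagged)):
            print(f"{rc_path}:{no}: {line}")
    print("ctime outliers:", flagged)
```

A clean result proves nothing on a host where the intruder had root, since the clock can be changed before the file is written; run it from trusted media and compare against known-good checksums as well.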