Date:      Tue, 24 Jul 2001 11:27:46 +1000 (EST)
From:      Andy Farkas <andyf@speednet.com.au>
To:        <security@freebsd.org>
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-01:49.telnetd (fwd)
Message-ID:  <Pine.BSF.4.33.0107241127180.56024-100000@backup.af.speednet.com.au>


On Mon, 23 Jul 2001, FreeBSD Security Advisories wrote:

> Topic:          telnetd contains remote buffer overflow

Well, hate to say this, but several of my systems were cracked into.  No
need to say any more, it was all my fault...

Anyways, there was a process running called 'mingetty' with a zombie
/bin/sh right after it... the file was added to /usr/bin and given a
time/datestamp similar to the other files to make it look like it was
installed with the system ... a line was also added to /etc/rc to start it
up on reboot...

Heaven knows what else they did, but I just thought I'd send a heads-up,
as this was a fairly obvious hack to spot...

Bad Andy.  No cookie.

--

 :{ andyf@speednet.com.au

        Andy Farkas
    System Administrator
   Speednet Communications
 http://www.speednet.com.au/
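
The two artifacts described in the message above (a binary placed in /usr/bin with a timestamp matching its neighbours, and a start-up line in /etc/rc) can be triaged as sketched below; this is an added example, not part of the original e-mail. It relies on the fact that `touch`/`utimes()` can set a file's mtime but not its ctime; the sample entries, the rc line and the 7-day slack are constructed assumptions.

```python
import os
import statistics
from typing import NamedTuple

DAY = 86400

class Entry(NamedTuple):
    path: str
    mtime: float  # settable by the file owner via utimes()/touch
    ctime: float  # inode change time, maintained by the kernel

def scan_dir(directory):
    """Collect (path, mtime, ctime) for regular files in a live directory."""
    out = []
    for e in os.scandir(directory):
        if e.is_file(follow_symlinks=False):
            st = e.stat(follow_symlinks=False)
            out.append(Entry(e.path, st.st_mtime, st.st_ctime))
    return out

def backdated(entries, slack=7 * DAY):
    """Files whose ctime is well after the directory's median ctime while
    their mtime still claims to be as old as the install-time siblings."""
    if not entries:
        return []
    install = statistics.median(e.ctime for e in entries)
    return [e for e in entries
            if e.ctime - install > slack and e.mtime <= install + slack]

def rc_references(rc_text, suspects):
    """(line number, line) pairs of an rc script that mention a suspect path."""
    paths = {e.path for e in suspects}
    return [(n, line) for n, line in enumerate(rc_text.splitlines(), 1)
            if any(p in line for p in paths)]

# Constructed sample data (not from the post): three install-time files and one
# file changed 200 days later whose mtime was set back to match them.
T0 = 990_000_000.0
SAMPLE = [
    Entry("/usr/bin/awk", T0 - 5 * DAY, T0),
    Entry("/usr/bin/sed", T0 - 5 * DAY, T0 + 60),
    Entry("/usr/bin/tar", T0 - 5 * DAY, T0 + 120),
    Entry("/usr/bin/mingetty", T0 - 5 * DAY, T0 + 200 * DAY),
]
SAMPLE_RC = "#!/bin/sh\nPATH=/sbin:/bin:/usr/bin\n/usr/bin/mingetty &\nexit 0\n"

if __name__ == "__main__":
    hits = backdated(SAMPLE)
    print([e.path for e in hits], rc_references(SAMPLE_RC, hits))
```

On a live host, `backdated(scan_dir("/usr/bin"))` gives leads for comparison against a known-good baseline; a hit is not proof of compromise, and a root-level intruder can defeat the check by changing the system clock.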




