Date: Mon, 28 Jul 1997 17:27:15 -0700 (PDT) From: Vincent Poy <vince@mail.MCESTATE.COM> To: "Jonathan A. Zdziarski" <jonz@netrail.net> Cc: "[Mario1-]" <Mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net>, Robert Watson <robert+freebsd@cyrus.watson.org>, Tomasz Dudziak <loco@onyks.wszib.poznan.pl>, security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <Pine.BSF.3.95.970728172339.3844N-100000@mail.MCESTATE.COM> In-Reply-To: <Pine.BSF.3.95q.970728184930.26434E-100000@netrail.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Just a update on how the break-in was done after the hacker was confronted on irc. Apparently FreeBSD ships with .rhosts in the root account. Using this and perl5.00401, the user was able to rlogin onto the other machine without using a password. The .rhosts file was unaltered and was the same way FreeBSD installed it originally. The user broke the security of many of Netcom's Livingston Portmasters and was caching the DNS for netcom. Netcom Security wasunable to track down the user until dumping the entire portmaster off. Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970728172339.3844N-100000>