From owner-freebsd-security Mon Jul 28 17:27:46 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id RAA16531 for security-outgoing; Mon, 28 Jul 1997 17:27:46 -0700 (PDT)
Received: from mail.MCESTATE.COM (vince@mail.MCESTATE.COM [207.211.200.50]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA16524 for ; Mon, 28 Jul 1997 17:27:43 -0700 (PDT)
Received: from localhost (vince@localhost) by mail.MCESTATE.COM (8.8.5/8.8.5) with SMTP id RAA07295; Mon, 28 Jul 1997 17:27:15 -0700 (PDT)
Date: Mon, 28 Jul 1997 17:27:15 -0700 (PDT)
From: Vincent Poy
To: "Jonathan A. Zdziarski"
cc: "[Mario1-]" , JbHunt , Robert Watson , Tomasz Dudziak , security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Just an update on how the break-in was done after the hacker was confronted on irc. Apparently FreeBSD ships with .rhosts in the root account. Using this and perl5.00401, the user was able to rlogin onto the other machine without using a password. The .rhosts file was unaltered and was the same way FreeBSD installed it originally. The user broke the security of many of Netcom's Livingston Portmasters and was caching the DNS for netcom. Netcom Security was unable to track down the user until dumping the entire portmaster off.

Cheers,
Vince - vince@MCESTATE.COM - vince@GAIANET.NET
Unix Networking Operations - FreeBSD-Real Unix for Free
GaiaNet Corporation - M & C Estate
Beverly Hills, California USA 90210
HongKong Stars/Gravis UltraSound Mailing Lists Admin
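
Added example, not part of the original message: a small auditor that reports which remote logins a .rhosts file grants without a password, which is the trust mechanism the message describes for the root account. The function name audit_rhosts, the severity labels and the sample file contents are assumptions made for illustration; the message does not show the file FreeBSD installed.

```python
import stat

def audit_rhosts(text, mode, owner_uid, account_uid):
    """Audit one .rhosts file; return a list of (line_no, severity, message).

    text is the file body; mode and owner_uid come from os.stat();
    account_uid is the uid of the account whose home holds the file.
    Line number 0 marks a finding about the file itself.
    """
    findings = []
    if owner_uid not in (0, account_uid):
        findings.append((0, "critical", "not owned by the account or root"))
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, "critical", "writable by group or others"))
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line, or a line treated here as a comment
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-") or (user or "").startswith("-"):
            continue  # negative entry: denies access, grants nothing
        who = "any remote user" if user == "+" else (
            f"remote user {user}" if user else "the same-named remote user")
        if host == "+":
            where, sev = "any host", "critical"
        elif host.startswith("+@"):
            where, sev = f"netgroup {host[2:]}", "high"
        else:
            where, sev = f"host {host}", "high" if account_uid == 0 else "review"
        if user == "+":
            sev = "critical"
        findings.append((no, sev, f"{who} on {where} logs in without a password"))
    return findings

# Constructed sample, not the file FreeBSD shipped (the message does not show it).
SAMPLE_ROOT_RHOSTS = """\
# trusted admin hosts
admin.example.com
backup.example.com operator
+ +
-lab.example.com
"""

if __name__ == "__main__":
    for no, sev, msg in audit_rhosts(SAMPLE_ROOT_RHOSTS, 0o644, 0, 0):
        print(f"line {no}: [{sev}] {msg}")
```

To audit a real file, pass its contents together with st_mode and st_uid from os.stat() and the uid of the account that owns the home directory.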