Date: Mon, 28 Jul 1997 17:30:44 -0700 (PDT) From: Vincent Poy <vince@mail.MCESTATE.COM> To: Gary Palmer <gpalmer@FreeBSD.ORG> Cc: security@FreeBSD.ORG, "[Mario1-]" <mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net> Subject: Re: security hole in FreeBSD Message-ID: <Pine.BSF.3.95.970728172905.3844O-100000@mail.MCESTATE.COM> In-Reply-To: <3749.870135741@orion.webspan.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jul 1997, Gary Palmer wrote: =)Vincent Poy wrote in message ID =)<Pine.BSF.3.95.970728031228.3844A-100000@mail.MCESTATE.COM>: =)> Saw the user on irc posting the password of earth with the login =)> name root. Any ideas? =) =)Take the machine offline and reinstall the *ENTIRE* thing. You have =)been root kitted, which allows remote access & hiding of remote =)access, without any daemons needed to be running. Machines are offline already. The hacker confronted us and said that it was the default .rhosts file that came in the FreeBSD root account and he used perl5.00401 which had a security hole and then used rlogin to login to another machine without the password. Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970728172905.3844O-100000>