From: Jason Hellenthal
Date: Tue, 26 Jun 2012 21:51:30 -0400
To: trap9 trap9
Cc: freebsd-security@freebsd.org
Subject: Re: BSD TelnetD Exploit on one of my servers
Message-ID: <20120627015130.GA10619@DataIX.net>
List-Id: "Security issues [members-only posting]"

How about some sort of indication of what you are running... uname -a ?

On Wed, Jun 27, 2012 at 12:17:01AM +0200, trap9 trap9 wrote:
> This is what I find on one of my servers :
> It appears to be a telnet exploit code for CVE-2011-4862.
>
> http://www.4shared.com/zip/mgSStKnU/wolverine-final.html
>
> Richard
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

--
 - (2^(N-1))