Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 Jul 1997 21:49:50 -0700 (PDT)
From:      Vincent Poy <vince@mail.MCESTATE.COM>
To:        Heikki Suonsivu <hsu@mail.clinet.fi>
Cc:        Gary Palmer <gpalmer@FreeBSD.ORG>, security@FreeBSD.ORG, "[Mario1-]" <mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net>
Subject:   Re: security hole in FreeBSD 
Message-ID:  <Pine.BSF.3.95.970728214716.3844o-100000@mail.MCESTATE.COM>
In-Reply-To: <199707290434.HAA22497@katiska.clinet.fi>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 29 Jul 1997, Heikki Suonsivu wrote:

=)
=)Vincent Poy writes:
=) > 	Machines are offline already.  The hacker confronted us and said
=) > that it was the default .rhosts file that came in the FreeBSD root account 
=) > and he used perl5.00401 which had a security hole and then used rlogin to
=) > login to another machine without the password.
=)
=)There is no default .rhosts file in FreeBSD, so the hacker is probably
=)trying to avoid telling you what was the real hole.
=)
=)Just for reference, there are large number of irc scripts which contain
=)backdoors (often well-disguised), which usually create .rhosts file with "+
=)+" in it.  The easiest way is to trick someone in the machine to run one of
=)those scripts and it opens the machine, then use one of the FreeBSD
=)holes or local misconfigurations to open the rest.

	I might just have gotten carried away about the .rhosts thing.
You're probably right about the .rhosts file because it's in my directory
on this machine but not in the root directory and the contents are just:
# This file should NOT be group or other readable.
#OtherMachine
#OtherMachine myFriend

	I haven't used irc like for a few years.  The machine is a irc
server though.  Not the one he originally hacked but the one he hacked
after he hacked the first one.  

Cheers,
Vince - vince@MCESTATE.COM - vince@GAIANET.NET           ________   __ ____ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
GaiaNet Corporation - M & C Estate                     / / / /  | /  | __] ]  
Beverly Hills, California USA 90210                   / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970728214716.3844o-100000>