Date: Mon, 28 Jul 1997 17:16:33 +0200 From: Ollivier Robert <roberto@keltia.freenix.fr> To: security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <19970728171633.10794@keltia.freenix.fr> In-Reply-To: <Pine.BSF.3.95.970728031228.3844A-100000@mail.MCESTATE.COM>; from Vincent Poy on Mon, Jul 28, 1997 at 03:19:55AM -0700 References: <Pine.BSF.3.95.970728031228.3844A-100000@mail.MCESTATE.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Vincent Poy: > 1) User on mercury machine complained about perl5 not working which was > perl5.003 since libmalloc lib it was linked to was missing. > 2) I recompiled the perl5 port from the ports tree and it's perl5.00403 > and it works. I don't think he used perl to hack root unless you kept old versions of Perl4 and Perl5. The buffer overflows in Perl4 were plugged in May by Werner. 5.003+ holes are fixed in 5.004 and later. > 6) We went to inetd.conf and shut off all daemons except telnetd and > rebooted and user still can get onto the machine invisibly. That shows that he has used a spare port to hook a root shell on. In these case, "netstat -a" or "lsof -i:TCP" will give you all connections, including those on which a program is LISTENing to. That way you'll catch any process left on a port. -- Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #23: Sun Jul 20 18:10:34 CEST 1997
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970728171633.10794>