Date:      Tue, 29 Jul 1997 11:13:24 +0400 (DST)
From:      "Sergei S. Laskavy" <laskavy@cs.msu.su>
To:        langfod@dihelix.com
Cc:        vince@mail.MCESTATE.COM, security@FreeBSD.ORG, mario1@PrimeNet.Com, johnnyu@accessus.net
Subject:   Re: security hole in FreeBSD
Message-ID:  <199707290713.LAA04724@ns.cs.msu.su>
In-Reply-To: <199707281830.IAA15209@caliban.dihelix.com> (langfod@dihelix.com)

>>>>> "David" == David Langford <langfod@dihelix.com> writes:

    David> I recently caught a break-in fairly similar.  The perp
[...]    David> replace /bin/login with one that would let them login to
    David> ANY account with a password of "lemmein". The login would
    David> NOT be logged and so it was very difficult to tell what was
    David> going on.

    David> My only guess is that they used the old suidperl hack to
    David> get root.  Supposedly this doesn't work on newer perl
    David> though.

Please, add a note about insecure sperl4.036 and sperl5.003 somewhere
in ERRATA.TXT or in SECURITY.TXT or even in README.TXT and maybe in
some other appropriate places.

People are still just downloading the "bin" distribution and then
hackers are able to gain root easily.

    David> My suggestion to you would be to get a clean source tree,
    David> recompile everything and install tripwire.

    David> -David Langford langfod@dihelix.com


