Date:      Sat, 8 Sep 2001 16:53:05 +0200 (CEST)
From:      Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Kristen Doyle <colk@tampabay.rr.com>, FreeBSD securit <Freebsd-security@FreeBSD.ORG>
Subject:   Re: Remote Shell Trojan
Message-ID:  <Pine.BSF.4.21.0109081639360.856-100000@lhotse.zaraska.dhs.org>
In-Reply-To: <20010908054458.A68778@xor.obsecurity.org>

On Sat, 8 Sep 2001, Kris Kennaway wrote:

> On Sat, Sep 08, 2001 at 08:07:35AM -0400, Kristen Doyle wrote:
> > Can anyone say for certain if FreeBSD is affected either as a base system or
> > under linux compat
> > 
> > the description of the vuln is here
> > http://www.qualys.com/alert/remoteshell.html
> 
> You could do something like this under almost any operating system
> including FreeBSD.  It doesn't exploit a security vulnerability per
> se, it relies on being introduced into the system in another manner.
This is true, however let's consider the following scenario:
 
1. we have a FreeBSD machine with Linux binary support loaded
2. someone runs the trojaned binary
3. if it turns out to work it will try to infect stuff under /bin. If it
was run by root (improbable) it may succeed. However I don't think a
hybrid of FreeBSD software and Linux viral code would work. IMHO the
infection attempt would rather corrupt each affected file than let the
virus spread. So we may end up with garbage in /bin and nothing more.

Things may however turn out to be more complicated if there are Linux
binaries on the machine and virus finds them. 

Unfortunately I don't have any expendable FreeBSD machine to confirm my
suspicions.


