From owner-freebsd-security Wed Jun 26 13:23:21 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA07968 for security-outgoing; Wed, 26 Jun 1996 13:23:21 -0700 (PDT) Received: from mercury.gaianet.net (root@mercury.gaianet.net [206.171.98.26]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id NAA07955 for ; Wed, 26 Jun 1996 13:23:18 -0700 (PDT) Received: (from vince@localhost) by mercury.gaianet.net (8.7.5/8.6.12) id RAA19313; Tue, 25 Jun 1996 17:35:44 -0700 (PDT) Date: Tue, 25 Jun 1996 17:35:44 -0700 (PDT) From: -Vince- To: "Jonathan M. Bresler" cc: jbhunt , mark@grumble.grondar.za, msmith@atrad.adelaide.edu.au, mark@grondar.za, security@FreeBSD.ORG, chad@mercury.gaianet.net Subject: Re: I need help on this one - please help me track this guy down! In-Reply-To: <199606260020.RAA12620@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Tue, 25 Jun 1996, Jonathan M. Bresler wrote: > jbhunt wrote: > > > > Yes I read the security reports as I said it hasn't been reporting any > > unusual suid programs. No, he won't tell me I already asked of course. As > > vince stated we are remote admin's we both have to su to root so the only > > person on the actual console is chad. As for running a script I know for > > could be a new one or could be a moldy old one. > you have to su to root on a remote computer. > how do you get access to the remote macine? telnet? serial line? > encrypted? or in the clear? We telnet and relogin from thousands of miles away.... > > a fact that I wasn't running anything at the time. I know this guys > > methods for the most part so I am almost sure he has some new exploit. He > > also claims to have one that EVERY linux box is vulnerable to of course > > he won't tell me or give it to me. Vince