Date:      Fri, 1 Dec 2000 12:21:24 +0200
From:      Nevermind <never@nevermind.kiev.ua>
To:        freebsd-security@freebsd.org
Cc:        freebsd-stabe@freebsd.org
Subject:   Important!! Vulnerability in standard ftpd
Message-ID:  <20001201122124.H2185@nevermind.kiev.ua>

Hello!

The parallel thread is discussing suspicious
 drwxr-xr-x ftp/staff         0 Jul 31 00:04 2000 incoming/*
dirs. I'm 100% sure that it is a hack. I was hacked a few months ago this way.
(with standard ftpd)

First I found the incoming/~tmp./ dir.
Then I found a suspicious process called "supa" (it may vary, I think).
I don't exactly remember how I found the directory in which ls -la said:
ls: .: No such file or directory.

This hack corrupts the filesystem to make its data dirs invisible.
fsck in single mode several times helps.

It is a ttyp* and ttyv* sniffer, logger, and password cracker.
Please, check it out!

-- 
Alexandr P. Kovalenko	http://nevermind.kiev.ua/
NEVE-RIPE
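
A check for the kind of directory name reported above (incoming/~tmp./), as an added example that is not part of the original message: it walks an FTP upload tree and lists directories whose names are easy to overlook in a listing. The function names and every rule other than the `~tmp.` name are assumptions of this example, and it inspects names only, so it will not see directories hidden by filesystem corruption.

```shell
#!/bin/sh
# Added example (not from the original message): flag directory names under an
# FTP upload area that are easy to overlook in a normal listing.

# classify_name NAME -> prints a reason and returns 0 if NAME looks disguised,
# returns 1 for an ordinary name. The rule set is an assumption of this
# example; only the "~tmp." name comes from the message. The first matching
# rule wins.
classify_name() {
    case $1 in
        *[![:print:]]*) echo "non-printable" ;;  # control or 8-bit bytes
        ' '*|*' ')      echo "edge-space" ;;     # leading or trailing blank
        .*)             echo "leading-dot" ;;    # hidden from plain ls
        *.)             echo "trailing-dot" ;;   # e.g. "~tmp."
        '~'*)           echo "tilde-prefix" ;;
        *)              return 1 ;;
    esac
}

# audit_incoming ROOT -> one "reason<TAB>relative/path" line per suspicious
# directory, sorted; no output when nothing matches. Line-oriented, so names
# containing a newline are not handled.
audit_incoming() {
    [ -d "$1" ] || { echo "audit_incoming: not a directory: $1" >&2; return 2; }
    (
        LC_ALL=C; export LC_ALL          # byte-wise matching and sorting
        cd "$1" || exit 2
        find . -type d ! -name . | while IFS= read -r path; do
            if reason=$(classify_name "${path##*/}"); then
                printf '%s\t%s\n' "$reason" "${path#./}"
            fi
        done | sort
    )
}

# Constructed sample tree (not real data) to show the output format.
demo=$(mktemp -d)
mkdir -p "$demo/incoming/~tmp./ /data" "$demo/incoming/pub/docs" "$demo/incoming/.hidden"
audit_incoming "$demo/incoming"
rm -rf "$demo"
```
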

