Date: Mon, 15 Jul 1996 04:09:48 -0400 (EDT) From: jaeger <jaeger@dhp.com> To: jbhunt <jbhunt@mercury.gaianet.net> Cc: freebsd-security@freebsd.org Subject: Re: New EXPLOIT located! Message-ID: <Pine.LNX.3.91.960715040506.639A-100000@dhp.com> In-Reply-To: <Pine.BSF.3.91.960714212321.1806A-300000@mercury.gaianet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 14 Jul 1996, jbhunt wrote: > Ok, for almost 3 weeks now we at Gaianet have been tracking root hackers > around our box. FINALLY, today at about 3 pm one of them made a BIG BIG > mistake. Fortunately, for us I was around to watch what happened and kill > the user before he was able to erase his history files and the exploit > itself. So here are the files necessary to fix whatever hole this > exploits. We run Freebsd Current so it obviously makes most freebsd > systems vulnerable to a root attack. I appreciate any help you can offer. > > John > SysAdmin Gaianet This is the rdist overflow exploit posted to bugtraq a few days ago by Brian Mitchell. No magic there ;>. Once again, your posting of the crackers history logs was very informative. It appears they were busy trading passwords on the IRC. At least he's adept enough at using find... -jaeger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.91.960715040506.639A-100000>