Date: Wed, 30 Jul 1997 23:18:59 -0700 (PDT) From: FreeBSD Technical Reader <kernel@acromail.ml.org> To: Ollivier Robert <roberto@keltia.freenix.fr> Cc: security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <Pine.BSF.3.96.970730231835.598E-100000@acromail.ml.org> In-Reply-To: <19970728171633.10794@keltia.freenix.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
Is it also possible to do this with a raw socket using a custom protocol? On Mon, 28 Jul 1997, Ollivier Robert wrote: > According to Vincent Poy: > > 1) User on mercury machine complained about perl5 not working which was > > perl5.003 since libmalloc lib it was linked to was missing. > > 2) I recompiled the perl5 port from the ports tree and it's perl5.00403 > > and it works. > > I don't think he used perl to hack root unless you kept old versions of > Perl4 and Perl5. The buffer overflows in Perl4 were plugged in May by > Werner. 5.003+ holes are fixed in 5.004 and later. > > > 6) We went to inetd.conf and shut off all daemons except telnetd and > > rebooted and user still can get onto the machine invisibly. > > That shows that he has used a spare port to hook a root shell on. In these > case, "netstat -a" or "lsof -i:TCP" will give you all connections, > including those on which a program is LISTENing to. That way you'll catch > any process left on a port. > > -- > Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr > FreeBSD keltia.freenix.fr 3.0-CURRENT #23: Sun Jul 20 18:10:34 CEST 1997 >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970730231835.598E-100000>