From owner-freebsd-security@FreeBSD.ORG Sat May 1 22:39:10 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F7CF16A4D5 for ; Sat, 1 May 2004 22:39:10 -0700 (PDT) Received: from smtp2.eunet.yu (smtp2.eunet.yu [194.247.192.242]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C93B43D31 for ; Sat, 1 May 2004 22:39:09 -0700 (PDT) (envelope-from kolicz@eunet.yu) Received: from smtp2.EUnet.yu (root@localhost) by smtp2.eunet.yu (8.12.10/8.12.10) with SMTP id i425d7Hb009657 for ; Sun, 2 May 2004 07:39:07 +0200 Received: from kolic.net (P-2.114.EUnet.yu [213.240.2.114]) by smtp2.eunet.yu (8.12.10/8.12.10) with ESMTP id i425d6k4009608 for ; Sun, 2 May 2004 07:39:06 +0200 Received: by kolic.net (Postfix, from userid 1001) id 749BF41F3; Sun, 2 May 2004 07:37:53 +0200 (CEST) Date: Sun, 2 May 2004 07:37:53 +0200 From: Zoran Kolic To: freebsd-security@freebsd.org Message-ID: <20040502053753.GA624@kolic.net> References: <20040501190057.E062D16A4DA@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040501190057.E062D16A4DA@hub.freebsd.org> Subject: Re: chkrootkit and 4.10-prerelease issues? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 May 2004 05:39:10 -0000 > Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or > later report chfn, chsh, and date as infected? > Is this similar to the 5.x issues with chkrootkit? Almost always. Mostly "date", but sometimes "ps", "ls"... First time I was scared to death. Nice little app with own secret life. ZK