Date: Tue, 29 Jul 1997 07:34:20 +0300 (EEST)
From: Heikki Suonsivu <hsu@mail.clinet.fi>
To: Vincent Poy <vince@mail.MCESTATE.COM>
Cc: Gary Palmer <gpalmer@FreeBSD.ORG>, security@FreeBSD.ORG, "[Mario1-]" <mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net>
Subject: Re: security hole in FreeBSD
Message-ID: <199707290434.HAA22497@katiska.clinet.fi>
In-Reply-To: <Pine.BSF.3.95.970728172905.3844O-100000@mail.MCESTATE.COM>
References: <3749.870135741@orion.webspan.net> <Pine.BSF.3.95.970728172905.3844O-100000@mail.MCESTATE.COM>

Vincent Poy writes:
> Machines are offline already. The hacker confronted us and said
> that it was the default .rhosts file that came in the FreeBSD root account
> and he used perl5.00401 which had a security hole and then used rlogin to
> login to another machine without the password.

There is no default .rhosts file in FreeBSD, so the hacker is probably
trying to avoid telling you what was the real hole.

Just for reference, there are a large number of irc scripts which contain
backdoors (often well-disguised), which usually create .rhosts file with
"+ +" in it. The easiest way is to trick someone in the machine to run one
of those scripts and it opens the machine, then use one of the FreeBSD holes
or local misconfigurations to open the rest.

> Cheers,
> Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____
> Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ]
> GaiaNet Corporation - M & C Estate / / / / | / | __] ]
> Beverly Hills, California USA 90210 / / / / / |/ / | __] ]
> HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]

--
Heikki Suonsivu, T{ysikuu 10 C 83/02210 Espoo/FINLAND,
hsu@clinet.fi mobile +358-40-5519679 work +358-9-43542270 fax -4555276
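
An audit for the condition the message above describes, a .rhosts file containing "+ +" or another wildcard entry. This is an added example, not part of the original message; the function names, directory layout and host names in make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report wildcard trust entries in .rhosts files.
# Entry format is "host [user]"; a bare "+" in either field matches
# anything, so "+ +" trusts any user from any host.

# scan_rhosts ROOT
# Prints "path:lineno:entry" for every wildcard entry under ROOT.
scan_rhosts() {
    find "$1" -xdev -type f -name .rhosts 2>/dev/null |
    while IFS= read -r f; do
        awk -v file="$f" '
            /^[ \t]*#/ || NF == 0 { next }   # assumption: "#" lines are comments
            $1 == "+" || $2 == "+" {         # wildcard host or wildcard user
                printf "%s:%d:%s\n", file, NR, $0
            }' "$f"
    done
}

# make_sample DIR
# Builds a constructed set of home directories to run the scan against.
make_sample() {
    mkdir -p "$1/alice" "$1/bob" "$1/carol"
    # any user from any host: the entry the backdoored scripts write
    printf '+ +\n' > "$1/alice/.rhosts"
    # one named host and user: not flagged
    printf 'trusted.example.org bob\n' > "$1/bob/.rhosts"
    # any user from one named host: flagged
    printf '# note\nbuild.example.org +\n' > "$1/carol/.rhosts"
}

# Run "sh scan.sh demo" to see the report for the constructed sample.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    make_sample "$tmp"
    scan_rhosts "$tmp"
    rm -rf "$tmp"
fi
```

On a real host, point scan_rhosts at the home directory root (and at root's home) and treat any hit as a reason to find out which process created the file.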