Date:      Tue, 29 Jul 1997 07:34:20 +0300 (EEST)
From:      Heikki Suonsivu <hsu@mail.clinet.fi>
To:        Vincent Poy <vince@mail.MCESTATE.COM>
Cc:        Gary Palmer <gpalmer@FreeBSD.ORG>, security@FreeBSD.ORG, "[Mario1-]" <mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net>
Subject:   Re: security hole in FreeBSD 
Message-ID:  <199707290434.HAA22497@katiska.clinet.fi>
In-Reply-To: <Pine.BSF.3.95.970728172905.3844O-100000@mail.MCESTATE.COM>
References:  <3749.870135741@orion.webspan.net> <Pine.BSF.3.95.970728172905.3844O-100000@mail.MCESTATE.COM>


Vincent Poy writes:
 > 	Machines are offline already.  The hacker confronted us and said
 > that it was the default .rhosts file that came in the FreeBSD root account 
 > and he used perl5.00401 which had a security hole and then used rlogin to
 > log in to another machine without the password.

There is no default .rhosts file in FreeBSD, so the hacker is probably
trying to avoid telling you what the real hole was.

Just for reference, there are a large number of IRC scripts which contain
backdoors (often well-disguised), which usually create a .rhosts file with
"+ +" in it.  The easiest way is to trick someone on the machine into running
one of those scripts and it opens the machine, then use one of the FreeBSD
holes or local misconfigurations to open the rest.

 > Cheers,
 > Vince - vince@MCESTATE.COM - vince@GAIANET.NET           ________   __ ____ 
 > Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
 > GaiaNet Corporation - M & C Estate                     / / / /  | /  | __] ]  
 > Beverly Hills, California USA 90210                   / / / / / |/ / | __] ]
 > HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]

-- 
Heikki Suonsivu, Täysikuu 10 C 83/02210 Espoo/FINLAND, hsu@clinet.fi
mobile +358-40-5519679 work +358-9-43542270 fax -4555276
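
Added example, not part of the original message: a Python audit that flags wildcard .rhosts entries such as the "+ +" line described above. The function names, the constructed sample home-directory tree, and the treatment of `#` lines as comments are assumptions made for illustration.

```python
import os
import tempfile

def audit_rhosts_text(text):
    """Return (line_no, entry, reason) for each wildcard trust entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' lines are comments
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+" and user == "+":
            findings.append((no, line, "any user from any host"))
        elif host == "+":
            findings.append((no, line, "any host trusted"))
        elif user == "+":
            findings.append((no, line, "any remote user on %s trusted" % host))
    return findings

def audit_home_dirs(root):
    """Audit the .rhosts file, if any, in each directory directly under root."""
    report = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name, ".rhosts")
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                hits = audit_rhosts_text(fh.read())
            if hits:
                report[path] = hits
    return report

def demo():
    # Constructed sample tree standing in for a real home-directory root.
    with tempfile.TemporaryDirectory() as root:
        samples = {"alice": "trusted.example.org alice\n",
                   "bob": "# added by script\n+ +\n",
                   "carol": "gw.example.org +\n"}
        for user, body in samples.items():
            os.makedirs(os.path.join(root, user))
            with open(os.path.join(root, user, ".rhosts"), "w") as fh:
                fh.write(body)
        return {os.path.basename(os.path.dirname(p)): h
                for p, h in audit_home_dirs(root).items()}

if __name__ == "__main__":
    for user, hits in demo().items():
        print(user, hits)
```

Point `audit_home_dirs` at the real home-directory root, and check root's own home directory separately, since it normally lives outside that tree.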


