Date: Fri, 06 Nov 1998 17:19:13 +0300 From: "Alexander B. Povolotsky" <tarkhil@synchroline.ru> To: mwlucas@exceptionet.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: *huge* setuid diffs Message-ID: <199811061419.RAA01848@enterprise.sl.ru> In-Reply-To: Your message "Fri, 06 Nov 1998 07:58:31 EST." <199811061258.HAA22049@easeway.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<199811061258.HAA22049@easeway.com>mwlucas@exceptionet.com writes: >I just got /etc/security mail from two 2.2.6 servers I administer. The >setuid diffs list every setuid program on the server as having been removed >and replaced. > >We haven't done a make world. We haven't touched much of anything. > >Is this normal, or should I be worried? *IMMEDIATLY* shut down both server and do not bring them to Internet until you'll found the reason. It is *QUITE* abnormal. I would not call it "exploit", but it is something to understand at once. Alex. -- Alexander B. Povolotsky, System Administrator To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811061419.RAA01848>