Date: Wed, 24 Apr 2002 16:02:11 -0700 From: Jason DiCioccio <geniusj@bluenugget.net> To: "Patrick O. Fish" <patrick@pwhsnet.com>, freebsd-security@freebsd.org Subject: Re: su: s/key Message-ID: <513728078.1019664131@[192.168.4.56]> In-Reply-To: <009101c1ebdf$341b4000$0300a8c0@zeus> References: <009101c1ebdf$341b4000$0300a8c0@zeus>
next in thread | previous in thread | raw e-mail | index | archive | help
--==========513747854========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On Wednesday, April 24, 2002 3:27 PM -0700 "Patrick O. Fish"=20 <patrick@pwhsnet.com> wrote: > I just got back from a vacation today. I had an email from my security > officer saying that he was able to use an exploit to get root, and that = he > patched it (took suid off that file). I goto su, and i get this: > > patrick@apollo:~$ su > s/key 95 snosoft2 > Password: > If what you're saying is that when you got back from vacation and tried to=20 su, you got that s/key prompt, then it looks like someone has already used=20 the stdio exploit on your box. Cheers, -JD- ---- Useless .sig --==========513747854========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iD8DBQE8xzl201CVlgQ2fAgRAi4xAKCFILgdcuL4LwHO5nFRHriu5L4oaACfQxKE Gllu+57HesHM9sWmB/mOD1g= =D1nN -----END PGP SIGNATURE----- --==========513747854==========-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?513728078.1019664131>