|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Andy Farkas (andyf
speednet.com.au)Date: Mon Jul 23 2001 - 20:27:46 CDT
On Mon, 23 Jul 2001, FreeBSD Security Advisories wrote:
> Topic: telnetd contains remote buffer overflow
Well, hate to say this, but several of my systems were cracked into. No
need to say any more, it was all my fault...
Anyways, there was a process running called 'mingetty' with a zombie
/bin/sh right after it... the file was added to /usr/bin and given a
time/datestamp similar to the other files to make it look like it was
installed with the system ... a line was also added to /etc/rc to start it
up on reboot...
Heaven knows what else they did, but I just thought I'd send a heads-up,
as this was a fairly obvious hack to spot...
Bad Andy. No cookie.
--:{ andyf
Andy Farkas System Administrator Speednet Communications http://www.speednet.com.au/
To Unsubscribe: send mail to majordomo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]