jhornerKNOXLUG.ORG

• Next message: Erich Meier: "Re: Rooted through in.identd on Red Hat 6.0"
• Previous message: Rob Lee: "Re: Tools to analyze "captured" binaries?"
• In reply to: Del Elson: "Rooted through in.identd on Red Hat 6.0"
• Next in thread: Del Elson: "Re: Rooted through in.identd on Red Hat 6.0"
• Next in thread: Erich Meier: "Re: Rooted through in.identd on Red Hat 6.0"
• Reply: J. J. Horner: "Re: Rooted through in.identd on Red Hat 6.0"
• Reply: Del Elson: "Re: Rooted through in.identd on Red Hat 6.0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 19 Apr 2000, Del Elson wrote:

> Hi,
>
> A client was hacked last week by what looked like a buffer
> overflow through in.identd. This was on a Red Hat 6.0
> box.
>
> RH don't have any current security notices or fixes for
> in.identd on their servers, and I haven't seen other
> boxes hacked through in.identd recently.
>
<snip>
> Anyone know of any current bug notices, exploits, or
> patches for in.identd?
>
> Del
>

Well, he could have gotten in somewhere else and just put the backdoor in
identd. I've had people get in on nameservers with old versions of BIND,
then backdoor another service.

Jon

--
J. J. Horner
Apache, Perl, Unix, Linux
jhornerknoxlug.org http://www.knoxlug.org/

• Next message: Erich Meier: "Re: Rooted through in.identd on Red Hat 6.0"
• Previous message: Rob Lee: "Re: Tools to analyze "captured" binaries?"
• In reply to: Del Elson: "Rooted through in.identd on Red Hat 6.0"
• Next in thread: Del Elson: "Re: Rooted through in.identd on Red Hat 6.0"
• Next in thread: Erich Meier: "Re: Rooted through in.identd on Red Hat 6.0"
• Reply: J. J. Horner: "Re: Rooted through in.identd on Red Hat 6.0"
• Reply: Del Elson: "Re: Rooted through in.identd on Red Hat 6.0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]