Date:      Tue, 10 Dec 1996 21:53:48 -0500 (EST)
From:      Brian Tao <taob@io.org>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject:   Re: URGENT: Packet sniffer found on my system
Message-ID:  <Pine.BSF.3.95.961210215226.9494O-100000@nap.io.org>
In-Reply-To: <199612100745.XAA00966@salsa.gv.ssi1.com>

On Mon, 9 Dec 1996, Don Lewis wrote:
> 
> Hmn, I think wu-ftpd runs as root in anonymous mode so that it can
> chroot().  I seem to recall there was a buffer overflow bug in its
> private realpath() implementation.

    I'm going to install the latest wuftpd beta as Mark H. and Cy S.
have suggested.  Sendmail has also been upgraded to 8.8.4, just to be
safe (although there isn't much safe with sendmail around... ;-)).

> }     I don't think we're dealing with someone that sophisticated yet.
> } They would have had to patch a running kernel, since there haven't been
> } any recent reboots.
> 
> I just mentioned this for completeness.  It's something that you should
> really check if root has been compromised.

    The kernels seem to check out, as does everything in /lkm.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"



