Date:      Tue, 18 Nov 1997 04:07:48 GMT
From:      mike@sentex.net (Mike Tancsa)
To:        randyk@ccsales.com ("Randy A. Katz")
Cc:        questions@freebsd.org
Subject:   Re: HOW (HIJACK ROOT PROCESS)
Message-ID:  <347113cd.4961454@coal.sentex.net>
In-Reply-To: <3.0.5.32.19971116091341.00ca0650@ccsales.com>
References:  <3.0.5.32.19971116091341.00ca0650@ccsales.com>

On Sun, 16 Nov 1997 09:13:41 -0800, in sentex.lists.freebsd.questions
you wrote:

>Hello,
>
>I suspect someone hijacked a root process, downloaded master.passwd, ran
>cracker (or something like that) on it and gained complete access to one of
>my systems.
>
>I'm running FreeBSD 2.2.2 RELEASE with the latest sendmail, bind, mail queue
>software (qpop)...

I believe there are a couple of security holes in 2.2.2-RELEASE that
would give root access to a non-wheel user... Have a look at the cvsup
info at 
http://www.freebsd.org/handbook/handbook228.html#483
for instructions on how to stay current with 2.2-RELENG.

	---Mike


