Date: Fri, 9 Jan 1998 10:25:14 -0800 (PST)
From: ken@bolingbroke.com
To: freebsd-gnats-submit@FreeBSD.ORG
Subject: conf/5470: Security compromised on new installation of FreeBSD
Message-ID: <199801091825.KAA25618@hub.freebsd.org>
Resent-Message-ID: <199801091830.KAA26109@hub.freebsd.org>
>Number:         5470
>Category:       conf
>Synopsis:       Security compromised on new installation of FreeBSD
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 9 10:30:00 PST 1998
>Last-Modified:
>Originator:     Ken Bolingbroke
>Organization:
>Release:        2.2.5-RELEASE
>Environment:
FreeBSD sacto.bolingbroke.com 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: Tue Oct 21 14:33:00 GMT jkh@time.cdrom.com:/usr/src/sys/compile/GENERIC i386
>Description:
After initial network installation of FreeBSD, using the /stand/sysinstall
utility to add further software removes any modified user db and replaces
it with the default including a root account with *no* password.

I only noticed this when I got console messages of an attempted root login.
My system was compromised and at least one trojan horse was found on this
system. Since it was a new installation, I just wiped the hard disk and
started over, but using /stand/sysinstall again wiped my new user db and
cleared the root password.

I haven't isolated the problem, but I'm using /stand/sysinstall after the
initial installation because X-Windows doesn't seem to install correctly...
>How-To-Repeat:
Use /stand/sysinstall to add additional software...
>Fix:
>Audit-Trail:
>Unformatted:
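A check for the condition this report describes, added here as an example and not part of the original message or of FreeBSD's own tooling: it flags empty password fields in a master.passwd-format file and lists accounts whose password field changed between two snapshots. The function names (`audit_passwd`, `passwd_drift`, `make_samples`) and the sample entries are constructed for illustration; the 10-field layout is the one documented in passwd(5).

```shell
#!/bin/sh
# Added example. master.passwd has 10 colon-separated fields:
# name:password:uid:gid:class:change:expire:gecos:home:shell

# audit_passwd FILE: report accounts whose password field is empty.
# Returns 0 if none, 1 if any, 2 if FILE is unreadable.
audit_passwd() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # comments, blank lines
        NF != 10 { printf "MALFORMED line %d (%d fields)\n", NR, NF; next }
        $2 == "" {
            sev = ($3 == 0) ? "CRITICAL" : "WARNING"   # uid 0 is root-equivalent
            printf "%s %s uid=%s shell=%s: empty password field\n", sev, $1, $3, $10
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# passwd_drift BEFORE AFTER: accounts whose password field changed or that
# disappeared between two snapshots (e.g. taken around a sysinstall run).
passwd_drift() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        FILENAME == ARGV[1] { old[$1] = $2; next }
        { seen[$1] = 1; if (($1 in old) && old[$1] != $2) print "CHANGED " $1 }
        END { for (u in old) if (!(u in seen)) print "REMOVED " u }
    ' "$1" "$2" | sort
}

# Constructed sample snapshots (not taken from the report).
make_samples() {
    cat > "$1/before" <<'EOF'
root:$1$constructed$hashAAAA:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/nonexistent
alice:$1$constructed$hashBBBB:1001:1001::0:0:Alice:/home/alice:/bin/sh
EOF
    cat > "$1/after" <<'EOF'
root::0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/nonexistent
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
passwd_drift "$tmp/before" "$tmp/after"
audit_passwd "$tmp/after" || echo "empty password field present"
rm -rf "$tmp"
```

On a live system the same functions can be pointed at a root-only copy of /etc/master.passwd saved before the installer runs and at the file as it stands afterwards.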