Date: Wed, 5 May 2004 20:27:06 +1000 From: Tim Robbins <tjr@freebsd.org> To: jeff <jeff@olymail.net> Cc: stable@freebsd.org Subject: Re: chkrootkit Message-ID: <20040505102706.GA6080@cat.robbins.dropbear.id.au> In-Reply-To: <200405050951.i459psAN032283@gir.olymail.net> References: <200405050951.i459psAN032283@gir.olymail.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 05, 2004 at 02:54:44AM -0700, jeff wrote: > The latest version of chkrootkit marks 3 files as being "INFECTED"; "chfn > chsh date" > The system is FreeBSD 4.10-BETA #2: Sun Apr 18 00:31:19 PDT 2004 > > These files are not detected correctly by the chkrootkit program or all my > 4.10 boxes have been "owned" or the source has been compromised. This is a known bug in chkrootkit. For one reason or another, it seems to break every time a new version of FreeBSD is released. The problem was discussed recently on the security list[1] and the resolution was that it will be fixed in the next release of chkrootkit. [1] http://marc.theaimsgroup.com/?l=freebsd-security&m=108359366700515&w=2 Tim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040505102706.GA6080>