From owner-freebsd-security Tue Jun 25 17:20:48 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA12631 for security-outgoing; Tue, 25 Jun 1996 17:20:48 -0700 (PDT) Received: (from jmb@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA12620; Tue, 25 Jun 1996 17:20:45 -0700 (PDT) From: "Jonathan M. Bresler" Message-Id: <199606260020.RAA12620@freefall.freebsd.org> Subject: Re: I need help on this one - please help me track this guy down! To: jbhunt@mercury.gaianet.net (jbhunt) Date: Tue, 25 Jun 1996 17:20:45 -0700 (PDT) Cc: mark@grumble.grondar.za, msmith@atrad.adelaide.edu.au, vince@mercury.gaianet.net, mark@grondar.za, security@FreeBSD.ORG, chad@mercury.gaianet.net In-Reply-To: from "jbhunt" at Jun 25, 96 12:52:24 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk jbhunt wrote: > > Yes I read the security reports as I said it hasn't been reporting any > unusual suid programs. No, he won't tell me I already asked of course. As > vince stated we are remote admin's we both have to su to root so the only > person on the actual console is chad. As for running a script I know for could be a new one or could be a moldy old one. you have to su to root on a remote computer. how do you get access to the remote macine? telnet? serial line? encrypted? or in the clear? > a fact that I wasn't running anything at the time. I know this guys > methods for the most part so I am almost sure he has some new exploit. He > also claims to have one that EVERY linux box is vulnerable to of course > he won't tell me or give it to me. jmb -- Jonathan M. Bresler FreeBSD Postmaster jmb@FreeBSD.ORG FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/ PGP 2.6.2 Fingerprint: 31 57 41 56 06 C1 40 13 C5 1C E3 E5 DC 62 0E FB