Date: Sun, 30 Sep 2001 02:08:13 -0400 From: "Doug Reynolds" <mav@wastegate.net> To: "FreeBSD" <freebsd@XtremeDev.com>, "Jason" <jason@jason-n3xt.org> Cc: "questions@freebsd.org" <questions@freebsd.org> Subject: Re: I was rooted using telnet Message-ID: <20010930060843.C78C137B407@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
On Sun, 30 Sep 2001 00:38:38 +0000 (GMT), Jason wrote: >I do recall the security notice. I read it on the website and from the >security list. I was already planning a cvsup at the time and I asked a >couple of BSD gurus I know if that when I update my sources by cvsup, >would that take care of the problem. They told me it would. So a couple >of days after I saw the security advisory I cvsuped from >cvsup2.FreeBSD.org (i usually only use 2 or 3) and thought the problem was >taken care of. I don't recall seeing any other advisories. the only thing i can think of is if they hacked u, they probably grabbed your root password and logged on with it. _always_ ssh when you su >> Were you running a ver of FreeBSD prior to July 23, 2001? Versions prior >> to July 23 had a remotely rootable telnetd as per >> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.v1.1.asc >> >> On Sat, 29 Sep 2001, Jason wrote: >> >> > Hello: >> > >> > A couple of days ago I was rooted by someone using a telnet exploit. I >> > have been cvsup'ing my sources regularly and was using 4.4-RC at the >> > time. I've since moved to 4.4-STABLE. It looks like they used some kind >> > of script. I still have it if anyone wants it. Since then I have turned >> > off telnet in inetd and blocked the port with a firewall. >> > >> > Anyone have any ideas on how a person could do this? I looks like this >> > script just tries to move a lot of data for a long period of time. >> > >> > --- >> > Jason >> > jason@jason-n3xt.org >> > >> > >> > To Unsubscribe: send mail to majordomo@FreeBSD.org >> > with "unsubscribe freebsd-questions" in the body of the message >> > >> > >> > >> >> > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > --- doug reynolds | the maverick | mav@wastegate.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010930060843.C78C137B407>