Date: Sat, 24 Feb 1996 17:10:31 -0500 (EST) From: Brian Tao <taob@io.org> To: FREEBSD-SECURITY-L <freebsd-security@freebsd.org> Subject: Suspicious symlinks in /tmp Message-ID: <Pine.BSF.3.91.960224170513.186B-100000@zap.io.org>
next in thread | raw e-mail | index | archive | help
I know I've read about this kind of hacking attempt before, but I can't seem to locate the information I had on this particular style. It looks like a botched attempt though, by someone who probably read about this vulnerability in a cracker 'zine or CERT/8lgm/bugtraq report. # cd /tmp ; ls -l passwd* lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.19573 -> /tmp/passwd-dir.19573 lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.20196 -> /tmp/passwd-dir.20196 lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.20543 -> /tmp/passwd-dir.20543 Could someone refresh my memory? -- Brian Tao (BT300, taob@io.org) Systems Administrator, Internex Online Inc. "Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960224170513.186B-100000>