Date: Sat, 24 Feb 1996 17:10:31 -0500 (EST) From: Brian Tao <taob@io.org> To: FREEBSD-SECURITY-L <freebsd-security@freebsd.org> Subject: Suspicious symlinks in /tmp Message-ID: <Pine.BSF.3.91.960224170513.186B-100000@zap.io.org>
next in thread | raw e-mail | index | archive | help
I know I've read about this kind of hacking attempt before, but I
can't seem to locate the information I had on this particular style.
It looks like a botched attempt though, by someone who probably read
about this vulnerability in a cracker 'zine or CERT/8lgm/bugtraq
report.
# cd /tmp ; ls -l passwd*
lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.19573 -> /tmp/passwd-dir.19573
lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.20196 -> /tmp/passwd-dir.20196
lrwxrwxrwt 1 bin user 21 Feb 24 17:04 passwd-link.20543 -> /tmp/passwd-dir.20543
Could someone refresh my memory?
--
Brian Tao (BT300, taob@io.org)
Systems Administrator, Internex Online Inc.
"Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960224170513.186B-100000>