Date: Sat, 10 Nov 2007 15:25:57 +0100 From: "Mike -freebsd" <mike.freebsd@gmail.com> To: freebsd-ports@freebsd.org Subject: 4203:31337 (possible exploit?) Message-ID: <84f7f5800711100625l6a0ef442m1a6824fa74c56972@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Guys, is anyone else seeing this? Check for files with an unknown user or group: /usr/ports /usr/ports/Mk /usr/ports/Mk/bsd.commands.mk /usr/ports/Mk/bsd.apache.mk [.....whole ports tree.....] # ls -al /usr/ total 48 drwxr-xr-x 14 root wheel 512 Jun 27 20:01 . drwxr-xr-x 23 root wheel 512 Nov 4 20:51 .. lrwxr-xr-x 1 root wheel 10 Oct 14 14:45 X11R6 -> /usr/local drwxr-xr-x 2 root wheel 7168 Nov 7 05:04 bin drwxr-xr-x 2 root wheel 512 Oct 20 06:38 games drwxr-xr-x 47 root wheel 4608 Oct 20 06:39 include drwxr-xr-x 6 root wheel 8192 Oct 20 06:39 lib drwxr-xr-x 5 root wheel 512 Jan 27 2007 libdata drwxr-xr-x 5 root wheel 1536 Oct 20 06:39 libexec drwxr-xr-x 14 root wheel 512 Oct 17 16:55 local drwxr-xr-x 3 root wheel 512 Oct 20 14:13 obj drwxr-xr-x 69 4203 31337 1536 Nov 9 13:59 ports drwxr-xr-x 2 root wheel 4608 Oct 20 06:39 sbin drwxr-xr-x 26 root wheel 512 Jan 27 2007 share drwxr-xr-x 23 root wheel 1024 Oct 20 04:55 src I see this on three of four FreeBSD 7 boxes and only on /usr/ports/ (why...?). Anyone else?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?84f7f5800711100625l6a0ef442m1a6824fa74c56972>