Re: Security Check Diffs Question

From: Pierre-Luc Lespérance (silence@oksala.org)
Date: 07/25/01 

Date: Tue, 24 Jul 2001 19:16:16 -0400
From: Pierre-Luc Lespérance <silence@oksala.org>
To: security@freebsd.org

Jon Loeliger wrote:
>
> Hi Folks,
>
> This morning, on a machine that's been up for 33 days,
> I suddenly saw these /etc/security diffs:
>
> <host> setuid diffs:
> 20,22c20,22
> < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chfn
> < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chpass
> < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chsh
> ---
> > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chfn
> > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chpass
> > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/chsh
> 53,55c53,55
> < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchfn
> < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchpass
> < 8047 -r-sr-xr-x 6 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchsh
> ---
> > 8270 -r-sr-xr-x 1 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchfn
> > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchpass
> > 8047 -r-sr-xr-x 5 root wheel 32184 Nov 20 06:01:52 2000 /usr/bin/ypchsh

If your box is not really* important. You sould lets it like that
and wait for the return of the Evil telnetd cracker (if any) and mail
a little paper to is ISP.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • Re: Security Check Diffs Question
    ... Jon Loeliger wrote: ... >Hi Folks, ... how paranoid am I here? ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: VIRUS HELP????
    ... >> serious folks there too. ... >Black lists are a reflection of stupidity, laziness and a lack of talent. ... you are getting internet services from an ISP that is also doing business ... business with known spammers. ...
    (alt.computer.security)
  • Re: corrupted downloads
    ... the old posts. ... realize that folks here are too defensive to acknowledge issues with Vista. ... house with an different ISP than the one you are using, ... I am using Vista Home Premium 32bit and every program I am downloading ...
    (microsoft.public.windows.vista.general)
  • Re: [fw-wiz] The home user problem returns
    ... > The fact that ISPs are now seeing enough pressure (from customers, RBLs, ... > an antivirus app and personal firewall. ... that of a tech within an ISP. ... Afterall, what are folks ...
    (Firewall-Wizards)
  • Re: Another VMS inquirer article
    ... Some folks think its wasteful and foolish to advertise by ... Kettle" go on cable-TV to say, "We run an ISP. ... "I'd rather see a crooked furrow than a field ...
    (comp.os.vms)