Re[2]: Sendmail trojan...?
From: Nickolay A. Kritsky (nkritsky@internethelp.ru)
Date: 10/10/02
- Next message: David Schultz: "Re: access() is a security hole?"
- Previous message: Peter Pentchev: "Re: VPN Solutions for Win 2K/XP -> FreeBSD (Possible FAQ entry)"
- In reply to: Dragos Ruiu: "Re: Sendmail trojan...?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Oct 2002 14:19:57 +0400 From: "Nickolay A. Kritsky" <nkritsky@internethelp.ru> To: Dragos Ruiu <dr@kyx.net>
Hello Dragos,
Wednesday, October 09, 2002, 5:27:18 PM, you wrote:
DR> Where is the best collection of forensic information about
DR> this so the method can be understood and effects checked
DR> for? The CERT advisory mentioned trojaned versions "contain
DR> malicious code that is run during the process of building the
DR> software." It was less than illuminating about the method
DR> after that.
You can obtain additional info about sendmail's backdoor here:
From: netmask <netmask@enZotech.net>
Anyhow, I have made the backdoor'd sendmail code available at
http://www.enzotech.net/files/sm.backdoor.patch and the base64
portion is decoded at http://www.enzotech.net/files/sm.backdoor.base64.txt
;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: David Schultz: "Re: access() is a security hole?"
- Previous message: Peter Pentchev: "Re: VPN Solutions for Win 2K/XP -> FreeBSD (Possible FAQ entry)"
- In reply to: Dragos Ruiu: "Re: Sendmail trojan...?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
