Re: chkrotkit 4.1 and FreeBSD 4.5

From: Alex Povolotsky (tarkhil_at_webmail.sub.ru)
Date: 09/11/03

Next message: Bruce M Simpson: "Re: is one of my hosts a scanner?"

Previous message: Alex Povolotsky: "chkrotkit 4.1 and FreeBSD 4.5"
In reply to: Alex Povolotsky: "chkrotkit 4.1 and FreeBSD 4.5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 11 Sep 2003 12:50:02 +0400
To: freebsd-security@freebsd.org

On Thu, 11 Sep 2003 10:57:44 +0400
Alex Povolotsky <tarkhil@webmail.sub.ru> wrote:

AP> Hello!
AP>
AP> I've found that on two FreeBSD 4.5-RELEASE boxes chkrootkit finds:
AP>
AP> Checking `chfn'... INFECTED
AP> Checking `chsh'... INFECTED
AP> Checking `date'... INFECTED
AP> Checking `ls'... INFECTED
AP> Checking `ps'... INFECTED
AP>
AP> recompiling, say, ls from souces didn't help. False positive or
AP> source changed as well?

False positive. chkrootkit for some reason I could not understand thinks that 4.5-RELEASE is 5.*

-- 
Alex.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Bruce M Simpson: "Re: is one of my hosts a scanner?"

Previous message: Alex Povolotsky: "chkrotkit 4.1 and FreeBSD 4.5"
In reply to: Alex Povolotsky: "chkrotkit 4.1 and FreeBSD 4.5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

www.derkeiler.com > Mailing-Lists > FreeBSD-Security > 2003-09