chfn, date, chsh INFECTED according to chkrootkit
From: probsd org (probsdorg_at_yahoo.com)
Date: 08/18/04
- Previous message: Devon H. O'Dell: "Re: sequences in the auth.log"
- Next in thread: Thordur Ivar B.: "Re: chfn, date, chsh INFECTED according to chkrootkit"
- Reply: Thordur Ivar B.: "Re: chfn, date, chsh INFECTED according to chkrootkit"
- Reply: Tommy K: "Re: chfn, date, chsh INFECTED according to chkrootkit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Aug 2004 05:11:02 -0700 (PDT) To: freebsd-security@freebsd.org
I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and
noticed that chfn, date, and chsh showed as being
infected. I remember reading post from the past that
right now chkrootkit is giving alot of false
positives, so I suspected that these 3 binaries are
not bad.
However, to be on the safe side, I deleted the 3
binaries, removed /usr/src and did a 'make world' to
4.10-STABLE.
But, chfn, cfsh, and date are stilling showing as
infected.
Is my assumption that I am seeing a false positive
correct, or anyone know of an exploit that would
affect these 3 binaries ( and even after a 'make
world' from clean src )?
Michael
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Devon H. O'Dell: "Re: sequences in the auth.log"
- Next in thread: Thordur Ivar B.: "Re: chfn, date, chsh INFECTED according to chkrootkit"
- Reply: Thordur Ivar B.: "Re: chfn, date, chsh INFECTED according to chkrootkit"
- Reply: Tommy K: "Re: chfn, date, chsh INFECTED according to chkrootkit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
