Re: ?hack cause?
From: olear mark g (olear@uiuc.edu)
Date: 03/26/02
Date: Tue, 26 Mar 2002 14:08:14 -0600
From: olear mark g <olear@uiuc.edu>
To: Andy Gabor <ajgabor@ucdavis.edu>
> At 11:30 AM 3/25/2002 -0800, you wrote:
>
> >Hi, I think I got hacked but not sure how.
> >
> >Env: Sol8 (all security patches installed - I think), Ultra 10
> >
...
> >
> >Effect:
> >1. lost /usr/dt/bin/rpc.cmsd
> >2. new files /usr/bin/login /usr/bin/.login.
I don't know anything about /usr/bin/.login and I have never seen it before.
You can check to see if /usr/bin/login (or any other file) is actually
from Sun at the following site:
http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl
You will need to download the md5-sparc binary from the same page.
It looks like the latest /usr/bin/login was from patch 111085-02. It is
the only thing in this patch. This patch is in the latest recommended
and security patch cluster.
If you are sure that /usr/bin/login is the only file that has been changed,
and that it wasn't from a Sun patch, you can always apply patch 111085-02
(you should probably install it anyway because it fixes a buffer-overrun
problem).
Mark
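
The check described in the message above, generalized to a whole directory tree, as an added example that is not part of the original post: it compares files against a known-good MD5 manifest and reports changed, missing and unexpected files (including dotfiles). The manifest format, the function names and the file contents are assumptions constructed for the demonstration; the hashes are not real Sun fingerprints.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    """Hex MD5 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit(root, manifest):
    """Return sorted (modified, missing, unexpected) paths under root."""
    seen, modified, unexpected = set(), [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # os.walk also yields dotfiles such as .login
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                unexpected.append(rel)
            elif md5_of(full) != manifest[rel]:
                modified.append(rel)
    return sorted(modified), sorted(set(manifest) - seen), sorted(unexpected)

def demo():
    """Constructed tree reproducing the symptoms reported in the thread."""
    # Placeholder contents, not real Solaris binaries or Sun fingerprints.
    good = {"usr/bin/login": b"vendor login",
            "usr/bin/ls": b"vendor ls",
            "usr/dt/bin/rpc.cmsd": b"vendor rpc.cmsd"}
    manifest = {p: hashlib.md5(d).hexdigest() for p, d in good.items()}
    current = {"usr/bin/login": b"replaced login",   # changed file
               "usr/bin/.login": b"unknown file",    # new hidden file
               "usr/bin/ls": b"vendor ls"}           # untouched
    with tempfile.TemporaryDirectory() as root:
        for rel, data in current.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit(root, manifest)

if __name__ == "__main__":
    print(demo())
```

On a host suspected of compromise, run the comparison from trusted media with a manifest built elsewhere, since the local hashing tool may itself have been replaced.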