Re: backdoor in freebsd found..
From: Rainer Weikusat (weikusat@mail.uni-mainz.de)
Date: 08/19/01
To: Renee Teunissen <renee@wittenburg10c.nl>
Subject: Re: backdoor in freebsd found..
From: Rainer Weikusat <weikusat@mail.uni-mainz.de>
Date: 19 Aug 2001 13:38:39 +0200
Message-ID: <87sneoqny8.fsf@winter.inter-i.uni-mainz.de>
Renee Teunissen <renee@wittenburg10c.nl> writes:
> it can be found on http://sms.pts.nl/renee/getty.gz (4KB).
This is a small forking tcp-server implementing three commands
(superficial analysis w/o much detail):

- kk1753834298:<filename>

  Open the named file and send its contents over the net.

- kk876398366:<filename>

  Open the named file for writing. It then starts reading lines from
  the net. If the first char is '-' (0x2d), the remains are 'somehow'
  unmangled (possibly decrypted, dunno) and written to the file. A
  line starting with a dot (0x2e) causes the file to be closed and
  the server subprocess to terminate. Anything else is silently
  ignored.

- 2iy4fv:<shell command>

  Duplicate 0, 1, 2 onto the TCP-connection and execute
  <shell command> via system(3).

Anything else is ignored.
-- 
stone me
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
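As an added example (not part of the original message and not code from the analyzed binary): a small Python classifier that flags a reassembled client-to-server TCP stream opening with one of the three command prefixes listed above and, for the write command, counts data lines up to the closing dot. The newline framing, the name `classify_stream` and the sample streams are assumptions constructed for illustration.

```python
import re

# Command prefixes exactly as listed in the analysis above.
COMMANDS = {
    b"kk1753834298": "read_file",
    b"kk876398366": "write_file",
    b"2iy4fv": "shell_exec",
}
PREFIX_RE = re.compile(rb"^(kk1753834298|kk876398366|2iy4fv):(.*)$")

# Constructed sample streams (not captured traffic).
SAMPLES = [
    b"kk1753834298:/etc/example.conf\n",
    b"kk876398366:/tmp/example.out\n-AAAA\nnoise\n-BBBB\n.\n-late\n",
    b"2iy4fv:uname -a\n",
    b"GET / HTTP/1.0\r\n\r\n",
]


def classify_stream(payload: bytes) -> dict:
    """Classify one reassembled client-to-server TCP stream.

    Assumption: the command and any upload lines are newline-terminated.
    """
    lines = [ln.rstrip(b"\r") for ln in payload.split(b"\n")]
    m = PREFIX_RE.match(lines[0])
    if not m:
        return {"match": False}
    action = COMMANDS[m.group(1)]
    finding = {"match": True, "action": action,
               "argument": m.group(2).decode("latin-1")}
    if action == "write_file":
        data_lines = ignored = 0
        closed = False
        for line in lines[1:]:
            if line.startswith(b"-"):      # upload data line
                data_lines += 1
            elif line.startswith(b"."):    # close file, subprocess exits
                closed = True
                break
            elif line:                     # silently ignored by the server
                ignored += 1
        finding.update(data_lines=data_lines, ignored_lines=ignored,
                       closed=closed)
    return finding


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_stream(sample))
```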