Security Incidents mailing list archives
Re: /tmp/bob on compromised system
From: Joseph Pingenot <jap3003 () ksu edu>
Date: Mon, 24 Jul 2000 23:14:43 -0500
Hey.
We recently had a solaris 7 box compromised. We *think* that the crackers got initial access through the oracle account which has the default password :-(.
From what I've read, a Bad Idea. :/
deleting was /tmp/bob, now that rings a bell in my memory but I can't
Searching Google for "bob exploit" returned the following page: http://www.false.net/ipfilter/2000_03/0129.html Alta Vista returned nothing new and this was sufficient, so I dropped it. -- Joseph==============================================jap3003 () ksu edu "A perfect firewall, as Marcus Ranum has commented, is actually a pair of wirecutters applied to ALL wires associated with the computer and network." --Anton J Aylward, on the vuln-dev list
Current thread:
- /tmp/bob on compromised system Russell Fulton (Jul 24)
- Re: /tmp/bob on compromised system Jeffrey F. Lawhorn (Jul 25)
- Protect rpc.statd by tcp wrapper? (was Re: /tmp/bob on compromised system Ralf G. R. Bergs (Jul 27)
- Re: /tmp/bob on compromised system Joseph Pingenot (Jul 25)
- Re: /tmp/bob on compromised system Fredrik Ostergren (Jul 26)
- Re: /tmp/bob on compromised system Jeffrey F. Lawhorn (Jul 27)
- <Possible follow-ups>
- Re: /tmp/bob on compromised system Matt Merhar (Jul 25)
- Re: /tmp/bob on compromised system Security (Jul 26)
- Re: /tmp/bob on compromised system Adam Pendleton (Jul 25)
- Re: /tmp/bob on compromised system Rob McCauley (Jul 26)
- Re: /tmp/bob on compromised system Granquist, Lamont (Jul 27)
- Re: /tmp/bob on compromised system Russell Fulton (Jul 28)
- Re: /tmp/bob on compromised system Rob McCauley (Jul 26)
- Re: /tmp/bob on compromised system Jeffrey F. Lawhorn (Jul 25)
- Re: /tmp/bob on compromised system Jens Oeser (Jul 25)
- Re: /tmp/bob on compromised system Lynch Sean (Jul 26)