Security Incidents mailing list archives
Re: OpenBSD rootkit
From: Markus Friedl <markus () openbsd org>
Date: Tue, 16 Jul 2002 11:21:54 +0200
i think this is just a trojaned sshd server, there are many similar patches available. On Sun, Jul 14, 2002 at 08:55:07AM +0200, Przemyslaw Frasunek wrote:
--- s1 Sun Jul 14 08:48:17 2002 +++ s2 Sun Jul 14 08:48:26 2002 @@ -6,9 +6,10 @@ -@(#)$OpenBSD: sshd.c,v 1.239.2.3 2002/06/26 15:30:39 jason Exp $ +grOet2CS62G4k +@(#)$OpenBSD: sshd.c,v 1.255 2002/06/30 21:59:45 deraadt Exp $ [...] -nobody +daemon [...] +/etc/sshd_config [...] -Connection refused by tcp wrapper -libwrap refuse returns [...] -/usr/src/usr.bin/ssh/sshd/../sshd.c +/tmp_mnt/killer/home/FLOYD/src/usr.bin/bad/sshd/../sshd.c [...]
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- OpenBSD rootkit Przemyslaw Frasunek (Jul 15)
- Re: OpenBSD rootkit Markus Friedl (Jul 16)
- <Possible follow-ups>
- Re: OpenBSD rootkit Mark Ruth (Jul 16)
- Re: OpenBSD rootkit Scott Fendley (Jul 16)