Security Incidents mailing list archives

33 character encrypted passwords in /etc/shadow

From: "Mike Denka" <mdenk () whidbey net>
Date: Thu, 27 Jun 2002 17:00:59 -0700

Suddenly I'm seeing a few 33 character encrypted passwords showing up in
my /etc/shadow files on several Linux machines.  And on at least one of
them, some of us whose entries have inexplicably changed from 13
characters to 34 characters can no longer ssh in.   First, has anyone
heard of any kind of rootkit or other intrusion that has this symptom?
Second, what's the easiest way to get a known good md5sum of a linux
distribution binary like /usr/sbin/passwd?  Solaris has a nice web site
that will accept an md5sum and spit out the binary that matches it.  Any
quick and easy way to do the same for various redhat distributions?  

 

Thanks,

 

Mike


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

33 character encrypted passwords in /etc/shadow Mike Denka (Jun 28)
- Re: 33 character encrypted passwords in /etc/shadow zeno (Jun 28)
- Re: 33 character encrypted passwords in /etc/shadow Ben Boulanger (Jun 28)
- Re: 33 character encrypted passwords in /etc/shadow Stephen Smoogen (Jun 28)
- <Possible follow-ups>
- FW: 33 character encrypted passwords in /etc/shadow Mike Denka (Jun 28)
  - Re: FW: 33 character encrypted passwords in /etc/shadow Paul Gear (Jun 29)