RE: Root password changed

["Michael LaSalvia" <mike () jason org>]

The first thought that comes to my head is physical access to that machine.
Is it in a location that anyone that knows Linux at all could boot to single
user mode and change it.

-----Original Message-----
From: RCS [mailto:rcs () flashwave com]
Sent: Friday, January 03, 2003 11:01 PM
To: incidents () securityfocus com
Subject: Root password changed


I have no idea how the root password on my FreeBSD 4.0 system was =
changed, only I have access to it and I have only SMTP (sendmail =
8.12.1), POP3 (qpopper), apache 1.3.26 and BIND 8.2.3 . Everything else =
is restricted by ACLs at the router.

I had to enter single user mode and change it today.

I have thoroughly checked running processes and the logs and there is =
nothing suspicious.=20

Please give me your opinion on what could have caused this.=20

Thanks

--
Roberto Cardona Jr.      =20

--
Roberto Cardona Jr.
IT/IS Manager
Corporate Office Centers | http://www.corporateofficecenters.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com