Bugtraq mailing list archives
s-bits disappear ?
From: Bernd.Lehle () RUS Uni-Stuttgart DE (Bernd Lehle)
Date: Wed, 11 Oct 1995 15:45:44 +0100
Hello, today I had a strange experience on an IRIX 5.3 system. I realized that the normal bunch of mails from the states had not come in overnight. I checked if sendmail was still running when I realized that ps would not give me the information ("insufficient permision"). I tried to become root by "su" which also would not let me ("insuf- ficient permission"). After a puzzling search I took the machine in single user mode to shield off a possible attack. The following investigation yielded: The s-bits of /sbin/ps, /sbin/su and /bin/mail had disappeared. I thought of Trojan Horses and compared the checksums with sum and MD5 against secure binaries on a different system some place else. There was no difference. So I am not sure if this was a hacking attempt or a OS bug. Anyone seen this before ? --
Bernd Lehle - Stuttgart University Computer Center * A supercomputer < Visualization / SFB 382 / Astrophysics * is a machine < lehle () rus uni-stuttgart de Tel:+49-711-685-2047 * that runs an < http://www.tat.physik.uni-tuebingen.de/~lehle * endless loop < pgp? -> finger bernd () visbl rus uni-stuttgart de * in 2 seconds <
Current thread:
- Re: Netscape 2.0b1 for Win95 (fwd) Aleph One (Oct 09)
- Sendmail 8.7, 8.7.1 Charles Howes (Oct 09)
- Re: Sendmail 8.7, 8.7.1 Casper Dik (Oct 10)
- Re: Sendmail 8.7, 8.7.1 SnoCrash (Oct 10)
- Re: Sendmail 8.7, 8.7.1 Andrew Cameron (Oct 10)
- Netscape problems (again)... Jay 'Whip' Grizzard (Oct 10)
- s-bits disappear ? Bernd Lehle (Oct 11)
- Re: s-bits disappear ? Neil Readwin (Oct 12)
- Sun's Loadmodule Patch Neil Woods (Oct 18)
- FW: WinNews Special Issue Scott Chasin (Oct 22)
- SunOS 5.5 Beta Aleph One (Oct 24)
- denial of service attack possible Mark Thomas (Oct 26)
- Re: denial of service attack possible Darren Reed (Oct 27)
- Re: denial of service attack possible Darrell Fuhriman (Oct 27)
- Re: denial of service attack possible Tom Fitzgerald (Oct 27)
- Re: denial of service attack possible Michael R. Widner (Oct 27)
- Re: denial of service attack possible Nathan Lawson (Oct 27)
- Re: Sendmail 8.7, 8.7.1 Casper Dik (Oct 10)
- Sendmail 8.7, 8.7.1 Charles Howes (Oct 09)