Security Incidents mailing list archives

Root password changed

From: "RCS" <rcs () flashwave com>
Date: Fri, 3 Jan 2003 22:01:03 -0600

I have no idea how the root password on my FreeBSD 4.0 system was =
changed, only I have access to it and I have only SMTP (sendmail =
8.12.1), POP3 (qpopper), apache 1.3.26 and BIND 8.2.3 . Everything else =
is restricted by ACLs at the router.

I had to enter single user mode and change it today.

I have thoroughly checked running processes and the logs and there is =
nothing suspicious.=20

Please give me your opinion on what could have caused this.=20

Thanks

--
Roberto Cardona Jr.      =20

--
Roberto Cardona Jr.       
IT/IS Manager 
Corporate Office Centers | http://www.corporateofficecenters.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Root password changed RCS (Jan 06)
- Re: Root password changed james (Jan 07)
- RE: Root password changed Michael LaSalvia (Jan 07)
- Re: Root password changed Chris Barford (Jan 07)
- Re: Root password changed sysadmin (Jan 07)
- Re: Root password changed Adam Bultman (Jan 07)
- Re: Root password changed Joe Kattner (Jan 07)
- Re: Root password changed Lisa Casey (Jan 07)