Re: Root password changed

[sysadmin <sysadmin () wvths com>]

RCS wrote:

> I have no idea how the root password on my FreeBSD 4.0 system was =
> changed, only I have access to it and I have only SMTP (sendmail =
> 8.12.1), POP3 (qpopper), apache 1.3.26 and BIND 8.2.3 . Everything else =
> is restricted by ACLs at the router.
>
> I had to enter single user mode and change it today.
>
> I have thoroughly checked running processes and the logs and there is =
> nothing suspicious.=20
>
> Please give me your opinion on what could have caused this.=20
>
> Thanks
>
> --
> Roberto Cardona Jr.      =20
>
> --
> Roberto Cardona Jr.       
> IT/IS Manager 
> Corporate Office Centers | http://www.corporateofficecenters.com
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com
>  
Versions of sendmail, apache & BIND that you're running aren't the 
latest and possibly contain buffer overflows or other vulnerabilities . 
Maybe it's time to start patching :p ?

Also , you might want to change console line in /etc/ttys to `unsecure` 
as it's  quite easy for someone to reboot your server into singe-user & 
do what you did ( i.e. change the root passwd back ) .





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com