[4586] in linux-net channel archive
Re: A SERIOUS security problem!!!!
daemon@ATHENA.MIT.EDU (Racer X)
Mon Sep 30 08:30:27 1996
Date: Sun, 29 Sep 1996 22:52:18 -0400 (EDT)
From: Racer X <shagboy@bluesky.net>
Reply-To: shagboy@bluesky.net
To: "Brian A. Lantz" <brian@lantz.com>
cc: linux-net@vger.rutgers.edu
In-Reply-To: <Pine.LNX.3.91.960929141949.27279B-100000@lantz.com>

why don't you join us here in 1996... that problem was discovered and
fixed long ago. the fact that you've found yet another "rewt-kit" is not
something to worry about.

oh - in the future, when you "discover" new security holes, send them to
linux-security as well, and not to Linus personally. he didn't write
telnetd.

shag

On Sun, 29 Sep 1996, Brian A. Lantz wrote:
> There is a package out there, with complete code and instructions on how to
> break into most ANY Linux machine (and they boast, most other Unix boxes).
>
> After knowing what to look for, I found SEVERAL WWW and FTP sites with
> this info, so the problem is WIDE-SPREAD.
>
> This uses a security hole in telnetd, which allows passing of environment
> variables into 'login'. They define 'LD_LIBRARY_PATH' to point to a user
> (or incoming ftp) directory containing a new 'libc.so.4' or a
> 'libroot.so' (also supplied in the cracker's kit), which contains NO
> security checking, and logs them in as root.
>
> The package also contains a kit for building your own 'login' executable,
> complete with trojan horse!
>
> Check your /bin/login file, and see if it has a recent modification date.
> If so, you have probably already been broken into! Also, check your
> /etc/passwd file for any OTHER 'root' entries, like 'rewt', etc. ANY
> other entry with a user/group of 0 is PROBABLY a backup username left in
> by a cracker, in case you found their 'login' executable.
>
> To protect your site NOW, make sure you have a statically linked 'login'
> executable! Do it NOW! Go to sunsite.unc.edu (or any other well stocked
> site), and get a copy of the poeigl-1.39.tar.gz package. On sunsite it is
> in the /pub/Linux/system/Admin/login directory. Edit the Makefile,
> and add '-static' to the LIBS line. Do a 'make' and install AT LEAST the
> 'login' executable.
>
> Do it! NOW.........
>
> SHARE this info with EVERY Linux user with a site available on the
> Internet, as almost ALL are (at the moment) easy pickings for crackers!
>
> Anyone with a NEED for the actual crackers kit, can contact me personally. I
> am NOT going to make it available EXCEPT on a need to have basis, for
> obvious reasons.
>
> To prevent this in the long run, the telnetd executable should be modified,
> and possibly the login executable to prevent these kinds of security
> problems.
>
>
> -----------------------------------------------------------
> Brian A. Lantz http://www.lantz.com brian@lantz.com
>
> REAL PORTION of Microsoft Windows code:
> while (memory_available) {
> eat_major_portion_of_memory (no_real_reason);
> if (feel_like_it)
> make_user_THINK (this_is_an_OS);
> gates_bank_balance++;
> }
>
Judd Bourgeois | When we are planning for posterity,
shagboy@bluesky.net | we ought to remember that virtue is
Finger for PGP key | not hereditary. Thomas Paine
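
Added example, not part of either message above: a POSIX shell version of the two host checks the quoted message describes (passwd entries other than root with a user/group of 0, and a recently modified /bin/login). The function names and the 30-day default window are assumptions of this example.

```shell
#!/bin/sh
# Added example. Usage: audit_host [passwd_file] [login_binary] [days]
# Function names and the 30-day default are assumptions of this example.

# Print every passwd entry, other than the one named "root", whose UID
# or GID is numerically 0 ("00" counts too). Skips comments, blank
# lines and lines with too few fields to be an account.
extra_zero_ids() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        NF < 4         { next }
        $1 != "root" && ($3 ~ /^0+$/ || $4 ~ /^0+$/) {
            printf "%s uid=%s gid=%s\n", $1, $3, $4
        }
    ' "$1"
}

# Succeed if FILE exists and was modified within the last DAYS days.
recently_modified() {
    [ -n "$(find "$1" -prune -mtime "-${2:-30}" 2>/dev/null)" ]
}

# Run both checks, report what was found, and return the number of
# findings as the exit status (0 = nothing flagged).
audit_host() {
    passwd_file=${1:-/etc/passwd}
    login_bin=${2:-/bin/login}
    days=${3:-30}
    findings=0

    hits=$(extra_zero_ids "$passwd_file")
    if [ -n "$hits" ]; then
        echo "non-root entries with UID/GID 0 in $passwd_file:"
        echo "$hits" | sed 's/^/  /'
        findings=$((findings + 1))
    fi

    if recently_modified "$login_bin" "$days"; then
        echo "$login_bin was modified within the last $days days"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Some distributions ship system accounts with GID 0, and a package upgrade also changes the modification time of /bin/login, so review each hit before treating it as an intrusion.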