[1259] in linux-security and linux-alert archive
[linux-security] Possible compromise?
daemon@ATHENA.MIT.EDU (Daniel Pewzner)
Thu Oct 24 19:58:47 1996
Date: Tue, 22 Oct 1996 22:54:13 -0700 (PDT)
From: Daniel Pewzner <vegi@eskimo.com>
To: linux-security@tarsier.cv.nrao.edu
I've noticed a couple of strange things on my system. First, I believe
someone has apparently found some flaw in the wu-ftpd-2.4.2-BETA-10 that
I have yet to read about.
The /home/ftp directory was chown'd to ftp.bin, and I found a couple libs
uploaded. My logs show:
Sat Oct 19 21:19:24 1996 27 linux.netlink.net 634880 /libc.so.4 b _ i a a@
ftp 0 *
Sat Oct 19 21:20:02 1996 31 linux.netlink.net 555179 /libc.so.5 b _ i a a@
ftp 0 *
I fixed telnetd long ago, and /home/ftp/bin/ls is a static bin.
I don't seem to see further access from this site beyond what look l like
a couple or port scans on the same day.
Does anyone know of a problem with wu-ftp, other than the core dump?