[1262] in linux-security and linux-alert archive


[linux-security] Linux and lpd

daemon@ATHENA.MIT.EDU (John Fulmer)
Thu Oct 24 20:07:29 1996

Date: Sun, 20 Oct 1996 16:53:22 -0500
From: John Fulmer <jfulmer@blanket.com>
To: linux-security@tarsier.cv.nrao.edu

Does anyone know of a hack against lpr/lpd on Slackware 3.0? Someone
rewrote the password file on a server I deal with occasionally, and the
only real traces are a file called '1' in the /etc directory, which
contains the password file + three additional accounts. Then there is a
file called passwd.3, which is another copy of the passwd file. Both
files are owned by root and group lp.

The person had originally ftp'ed down the password file, by either
cracking a user's password, or just got it somehow. Then he cracked a
user with a shell account with a weak password (his first name!!!) and
got onto the system. We're now trying to find out how he replaced the
passwd file. Note that we did not lose root afaik.

The account was cracked from an account from Singapore owned by a
Japindar Singh. He also created a Jenny Lee, and a Datacom, Inc
account. Apparently he just wanted them to run a couple of irc bots.

jf
-- 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ John Fulmer           	| "As folks might have suspected,    +
+ Secure Network System		|  not much survives except roaches, +
+ Lawrence, Kansas		|  and they don't carry large enough +
+				|  packets fast enough..."           +
+ jfulmer@blanket.com		|    --Dave Crocker, about the       + 
+ http://www.blanket.com	|    Internet and nuclear war.       +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
