[102163] in RedHat Linux List
Possible Hack.. Perl pod files??
daemon@ATHENA.MIT.EDU (Michael)
Tue Dec 1 17:37:57 1998
Date: Tue, 1 Dec 1998 17:37:29 -0500 (EST)
From: Michael <michael@area54.net>
Reply-To: Michael <michael@area54.net>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
I'm running check-packages on a host and on last nights run I had the
following changes displayed;
52,55c52,55
< SM5....T /usr/lib/perl5/pod/perlapio.pod
< SM5....T /usr/lib/perl5/pod/perlbook.pod
< SM5....T /usr/lib/perl5/pod/perlbot.pod
< SM5....T /usr/lib/perl5/pod/perlcall.pod
---
> S.5..UGT /usr/lib/perl5/pod/perlapio.pod
> S.5..UGT /usr/lib/perl5/pod/perlbook.pod
> S.5..UGT /usr/lib/perl5/pod/perlbot.pod
> S.5..UGT /usr/lib/perl5/pod/perlcall.pod
Everything else was normal.
These files had some gif headers and other wierd stuff in them and were
now owned by "nobody" instead of root.
System is (was) a fully patched 5.2 intel machine only running httpd,
sshd, & imapd.
Now I am reloading the machine completely, taking it to 5.2, but has
anyone seen something like this?? Could it be whats left of a poorly
done rootkit??
I did save the files in question...
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
