[8074] in bugtraq
Re: IRIX 6.2 passwordless accounts exploit?
daemon@ATHENA.MIT.EDU (Charl Botha)
Tue Sep 29 14:39:08 1998
Date: Tue, 29 Sep 1998 10:27:36 +0200
Reply-To: Charl Botha <cpbotha@SUN.AC.ZA>
From: Charl Botha <cpbotha@SUN.AC.ZA>
X-To: Dan Stromberg <strombrg@NIS.ACS.UCI.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <36100E40.5047@nis.acs.uci.edu>
On Mon, 28 Sep 1998, Dan Stromberg wrote:
> We've had a lot of script kiddies running an exploit against our campus,
> that checks for accounts that are passwordless by default in IRIX 6.2 -
> like 4Dgifts, EZsetup, and so on. I've seen indications this isn't
> limited to our campus...
Have a look at www.nessus.org -- Nessus is a network security tool that
definitely scans for these default accounts.
Charl
---------------------------------------------------------------------------
Charl Botha
E-Mail cpbotha@sun.ac.za
Image Processing and Pattern Recognition
Digital Signal Processing Group <http://dsp.ee.sun.ac.za>
Department of Electronic Engineering
University of Stellenbosch
South Africa
