[40405] in Hotline Meeting
RE:Acct
daemon@ATHENA.MIT.EDU (John J Morey)
Wed Oct 29 10:13:37 1997
To: hotline@MIT.EDU
Date: Wed, 29 Oct 1997 10:13:34 EST
From: John J Morey <jjmorey@MIT.EDU>
------- Forwarded Message
Received: from PACIFIC-CARRIER-ANNEX.MIT.EDU by po8.MIT.EDU (5.61/4.7) id AA18257; Wed, 29 Oct 97 10:13:08 EST
Received: from WELLFLEET.MIT.EDU by MIT.EDU with SMTP
id AA14375; Wed, 29 Oct 97 10:12:51 EST
Received: by wellfleet.MIT.EDU (940816.SGI.8.6.9/4.7) id KAA08301; Wed, 29 Oct 1997 10:12:48 -0500
Message-Id: <199710291512.KAA08301@wellfleet.MIT.EDU>
To: ary@MIT.EDU
Cc: ops@MIT.EDU, jjmorey@MIT.EDU
In-Reply-To: Your message of "Wed, 29 Oct 1997 09:53:04 EST."
<9710291453.AA12775@hector.MIT.EDU>
Date: Wed, 29 Oct 1997 10:12:48 EST
From: Ted McCabe <ted@MIT.EDU>

> I have a question:
>
> How is this possible? How could modified dotfiles spread themselves to
> other Athena machines? The .cshrc files aren't setuid are they? xdm's
> are being run as root, right?

Without going into much detail, the scripts used the widely known
public workstation root password to gain root access to the local
machine.

--Ted
------- End of Forwarded Message