The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Alert: Qualcomm POP Server


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Sun, 5 Jul 1998 10:14:58 +0100 (BST)
From: Scot Elliott <scot@planet-three.com.>
To: [email protected], [email protected]
Subject: Security Alert: Qualcomm POP Server

Morning all.

I caught someone last night with a root shell on our mail server.  I
traced it back to somewhere in the US, but unfortunately got locked out
and the log files removed before I had time to fix it ;-(

I shut the machine down remotely by mounting /usr over NFS and changing
/usr/libexec/atrun to a shell script that run /sbin/shutdown (near huh?
;-)

Anyway - the point is that is looks like some kind of buffer overflow in
the POP daemon that ships with FreeBSD 2.2.6.  I noticed lots of ^P^P^P...
messages from popper in the log file before it was removed.  There was an
extra line in /etc/inetd.conf which ran a shell as root on some port I
wasn't using (talk I think).  So I'm guessing that the exploit allows
anyone to run any command as root.  Nice.  Whomever it was was having a
whale of a time with my C compiler for some reason... very dodgy.

If I can find out the source of this then I'd like to follow it up.  Does
anyone have experience of chasing this sort of thing from across the US
border?  Also, of course, everyone should check their popper version.

Cheers


Yours - Scot.


-----------------------------------------------------------------------------
Scot Elliott ([email protected], [email protected])	| Work: +44 (0)171 7046777
PGP fingerprint: FCAE9ED3A234FEB59F8C7F9DDD112D | Home: +44 (0)181 8961019
-----------------------------------------------------------------------------
Public key available by finger at:   finger [email protected]
                            or at:   http://www.poptart.org/pgpkey.html



To Unsubscribe: send mail to [email protected]
with "unsubscribe security" in the body of the message


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру