Bug 23267 - passwd shadow and resolv.conf overwritten
passwd shadow and resolv.conf overwritten
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: up2date (Show other bugs)
7.0
i686 Linux
high Severity medium
: ---
: ---
Assigned To: Preston Brown
Aaron Brown
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-03 20:54 EST by Need Real Name
Modified: 2007-03-26 23:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-04 09:19:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-01-03 20:54:02 EST
Wanted to point out a possible problem..... not sure what with though....

On a running system the following files were somehow overwritten:
/etc/passwd
/etc/shadow
/etc/resolv.conf

Appeared to be overwritten by parts of up2date or the GTK file for the red
had update agent.

I did sign up for the update agent but never finished the install....

System was up and running, was not used for several hours, went to log in
and was unable to log in. 

A root session I was using was on one of the mscreens so I hunted down the
problem and rebuild the passwd and shadow....

I am on a cable modem and behind a floppyfw based firewall that does MASQ
and is not running any services and should not be forwarding anything but
MASQ replies. Can't rule out being hacked at this point.

I have the contents of the file overwrites if they would be helpful.

Let me know if there is any other info you would like.

Thanks
Kevin
Comment 1 Need Real Name 2001-01-04 09:19:24 EST
Looks like I have a currupted superblock on that filesystem..... appears to be a bad sector..... the above most likely happened as a result of the corrupted 
superblock.

Sorry for the false alarm.

Note You need to log in before you can comment on or make changes to this bug.