Bug 23267 - passwd shadow and resolv.conf overwritten
Summary: passwd shadow and resolv.conf overwritten
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: up2date
Version: 7.0
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Preston Brown
QA Contact: Aaron Brown
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-01-04 01:54 UTC by Need Real Name
Modified: 2007-03-27 03:38 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2001-01-04 14:19:27 UTC

Attachments (Terms of Use)

Description Need Real Name 2001-01-04 01:54:02 UTC
Wanted to point out a possible problem..... not sure what with though....

On a running system the following files were somehow overwritten:

Appeared to be overwritten by parts of up2date or the GTK file for the red
had update agent.

I did sign up for the update agent but never finished the install....

System was up and running, was not used for several hours, went to log in
and was unable to log in. 

A root session I was using was on one of the mscreens so I hunted down the
problem and rebuild the passwd and shadow....

I am on a cable modem and behind a floppyfw based firewall that does MASQ
and is not running any services and should not be forwarding anything but
MASQ replies. Can't rule out being hacked at this point.

I have the contents of the file overwrites if they would be helpful.

Let me know if there is any other info you would like.


Comment 1 Need Real Name 2001-01-04 14:19:24 UTC
Looks like I have a currupted superblock on that filesystem..... appears to be a bad sector..... the above most likely happened as a result of the corrupted 

Sorry for the false alarm.

Note You need to log in before you can comment on or make changes to this bug.