Bug 23977 - hacker gained root access
hacker gained root access
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd (Show other bugs)
6.2
i686 Linux
high Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-14 02:29 EST by Need Real Name
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-14 08:32:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
tgz file contains megalight-rootkit, /var/messages documenting breakin, replaced system files (1.16 MB, application/octet-stream)
2001-01-14 02:33 EST, Need Real Name
no flags Details

  None (edit)
Description Need Real Name 2001-01-14 02:29:14 EST
I caught a hacker midway through a break in on my computer.
He somehow gained root access, and replaced some system files
with his own (ls, ps, chsh, netstat, yppoll).  Because I cut his
connection midway through, I got the code he was using before
it erased itself (it was called the megalight-rootkit).  I will e-mail
a gzipped tar file which includes the /var/messages file which show
his ftp break-in, along with the system files he replaced and the
rootkit directory to bugzilla@redhat.com.
Comment 1 Need Real Name 2001-01-14 02:33:25 EST
Created attachment 7569 [details]
tgz file contains megalight-rootkit, /var/messages documenting breakin, replaced system files
Comment 2 Pekka Savola 2001-01-14 08:31:58 EST
Known and fixed wu-ftpd problem, it appears.

Note You need to log in before you can comment on or make changes to this bug.