Bug 23977 - hacker gained root access
Summary: hacker gained root access
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd   
(Show other bugs)
Version: 6.2
Hardware: i686
OS: Linux
high
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-01-14 07:29 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-14 13:32:02 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
tgz file contains megalight-rootkit, /var/messages documenting breakin, replaced system files (1.16 MB, application/octet-stream)
2001-01-14 07:33 UTC, Need Real Name
no flags Details

Description Need Real Name 2001-01-14 07:29:14 UTC
I caught a hacker midway through a break in on my computer.
He somehow gained root access, and replaced some system files
with his own (ls, ps, chsh, netstat, yppoll).  Because I cut his
connection midway through, I got the code he was using before
it erased itself (it was called the megalight-rootkit).  I will e-mail
a gzipped tar file which includes the /var/messages file which show
his ftp break-in, along with the system files he replaced and the
rootkit directory to bugzilla@redhat.com.

Comment 1 Need Real Name 2001-01-14 07:33:25 UTC
Created attachment 7569 [details]
tgz file contains megalight-rootkit, /var/messages documenting breakin, replaced system files

Comment 2 Pekka Savola 2001-01-14 13:31:58 UTC
Known and fixed wu-ftpd problem, it appears.



Note You need to log in before you can comment on or make changes to this bug.