Bug 23977 - hacker gained root access
Summary: hacker gained root access
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd
Version: 6.2
Hardware: i686
OS: Linux
high
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2001-01-14 07:29 UTC by Need Real Name
Modified: 2008-05-01 15:37 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-01-14 13:32:02 UTC
Embargoed:


Attachments
tgz file contains megalight-rootkit, /var/messages documenting breakin, replaced system files (1.16 MB, application/octet-stream)
2001-01-14 07:33 UTC, Need Real Name

Description Need Real Name 2001-01-14 07:29:14 UTC
I caught a hacker midway through a break-in on my computer.
He somehow gained root access, and replaced some system files
with his own (ls, ps, chsh, netstat, yppoll).  Because I cut his
connection midway through, I got the code he was using before
it erased itself (it was called the megalight-rootkit).  I will e-mail
a gzipped tar file which includes the /var/messages file which shows
his ftp break-in, along with the system files he replaced and the
rootkit directory to bugzilla.

Comment 1 Need Real Name 2001-01-14 07:33:25 UTC
Created attachment 7569
tgz file contains megalight-rootkit, /var/messages documenting breakin, replaced system files

Comment 2 Pekka Savola 2001-01-14 13:31:58 UTC
Known and fixed wu-ftpd problem, it appears.


