Bugtraq mailing list archives
Re: IRIX 6.2 passwordless accounts exploit?
From: deraison () WORLDNET FR (Renaud Deraison)
Date: Tue, 29 Sep 1998 20:58:16 +0200
On 29-Sep-98 Charl Botha wrote:
On Mon, 28 Sep 1998, Dan Stromberg wrote:We've had a lot of script kiddies running an exploit against our campus, that checks for accounts that are passwordless by default in IRIX 6.2 - like 4Dgifts, EZsetup, and so on. I've seen indications this isn't limited to our campus...Have a look at www.nessus.org -- Nessus is a network security tool that definitely scans for these default accounts.
Well, in fact there is a bug in the current version which will boost your adrenaline for nothing : some accounts are said to be passwordless, whereas they are not. I suggest that you use the work-in-progress version instead, (available at http://www.nessus.org/wip/) which corrects this problem and adds several new checks (there are now 109 plugins in Nessus). -- Renaud -- Renaud Deraison <deraison () worldnet fr> The Nessus Project -- http://www.nessus.org http://www.{fr,fi,jp}.nessus.org
Current thread:
- Re: mountd- more info (sorry), (continued)
- Re: mountd- more info (sorry) John Caldwell (Sep 29)
- Re: mountd- more info (sorry) Anthony C. Zboralski (Sep 30)
- more rpc.mountd jason valentine (Sep 30)
- Netscape Cache Exploit - source code Ken Williams (Sep 29)
- Re: IRIX 6.2 passwordless accounts exploit? Kevin Hawkins (Sep 30)
- Sun Security Bulletin #00176 joshua grubman (Sep 30)
- Re: IRIX 6.2 passwordless accounts exploit? morex .- (Sep 28)
- mountd remote exploit? John Caldwell (Sep 28)
- Re: mountd remote exploit? morex .- (Sep 28)
- Re: IRIX 6.2 passwordless accounts exploit? Charl Botha (Sep 29)
- Re: IRIX 6.2 passwordless accounts exploit? Renaud Deraison (Sep 29)
- rpc.mountd exploit Hudin Lucian (Sep 29)