Security Incidents mailing list archives
Re: Rooted through in.identd on Red Hat 6.0
From: jhorner () KNOXLUG ORG (J. J. Horner)
Date: Thu, 20 Apr 2000 09:25:51 -0400
On Wed, 19 Apr 2000, Del Elson wrote:
> Hi,
>
> A client was hacked last week by what looked like a buffer overflow through in.identd. This was on a Red Hat 6.0 box. RH don't have any current security notices or fixes for in.identd on their servers, and I haven't seen other boxes hacked through in.identd recently.

<snip>

> Anyone know of any current bug notices, exploits, or patches for in.identd?
>
> Del

Well, he could have gotten in somewhere else and just put the backdoor in identd. I've had people get in on nameservers with old versions of BIND, then backdoor another service.

Jon

--
J. J. Horner
Apache, Perl, Unix, Linux
jhorner () knoxlug org http://www.knoxlug.org/