Security Incidents mailing list archives

Re: hack that changes root to Root

From: Mike Shaw <mshaw () wwisp com>
Date: Tue, 26 Feb 2002 15:00:22 -0600

I've seen a sophisticated Trojan horse program that does this.

It basically tricks me into hitting the insert key in vi which capitalizesthe letter. This is particularly on the very first letter on the veryfirst line where the cursor starts (like "root" in etc/passwd). So far Ihaven't seen a publicly available exploit, so I have no idea how it knowsI'm in a hurry and been living in notepad all day. ; )


-Mike

At 05:49 PM 2/25/2002 -0700, James wrote:

Anyone know of a hack that changes root (user name) to Root ?

James Edwards
jamesh () cybermesa com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

Current thread:

hack that changes root to Root James (Feb 26)
- Re: hack that changes root to Root Yotam Rubin (Feb 26)
  - Re: hack that changes root to Root james (Feb 26)
    - Re: hack that changes root to Root William York (Feb 28)
- Re: hack that changes root to Root Mike Shaw (Feb 26)