Re: Possible exploit in FreeBSD 4.0

[Kris Kirby <kris () CATONIC NET>]

On Thu, 26 Oct 2000, John Herron wrote:
> Over the telnet session I was still on the box, but figured it was
> probably corrupted.  I physically went to the box to check it out.  I
> logged in with my non-root account and it failed (bad login or
> password).. I tried a few more times with no success.  I tried the
> "guest" account I made (for the public to telnet with), still no luck.
> I try "root", it gave some QUICK error, erased it (I never saw what it
> said) didn't ask me for a password and dumped me into the root prompt.
> It displays the motd and then (unfortunatly can't remember which 2
> files) but complained about not being able to read two files or them
> being corrupt or something.  Regardless, I tried logging in a few
> times but same results, valid logins are rejected and root fails to
> ask a password and glitches you into a root prompt.

You've installed a new copy of the "bin" distribution over your old
one; you've overwritten your passwd file (and almost everything else in
/etc). Even if you hadn't filled the hard drive, you still wouldn't have
been able to login upon reboot. This is not a FreeBSD problem nor really
the most appropriate list.

-----
Kris Kirby, KE4AHR          | TGIFreeBSD... 'Nuff said.
<kris () nospam catonic net>   |
-------------------------------------------------------
"Fate, it seems, is not without a sense of irony."