ethtool trojan detected by NAI
Felipe Alfaro Solana
felipe_alfaro at linuxmail.org
Thu Jan 15 22:27:19 UTC 2004
On Thu, 2004-01-15 at 18:11, Leonard den Ottolander wrote:
> Hello David,
>
> > I have ethtool-1.6-2 from RedHat's Fedora repository, and it scans clean
> > with f-prot. Without going to fedora.us repository to compare, I would
> > say it must be different, as this rpm goes into /usr/sbin/ethtool, not
> > /sbin/ethtool.
>
> Curious. My Fedora Core 1 contains ethtool-1.8-2.1 and the binary is
> located at /sbin/ethtool.
>
> Jason, the md5sum of my binary is:
>
> $ md5sum /sbin/ethtool
> 5bd89f94417a5daae91538b418d442d6 /sbin/ethtool
This is not very useful, as some systems use prelink. Since prelink
modifies the binary image, the md5 sum gets invalidated. On a prelinked
system, I get this:
md5sum /sbin/ethtool
16be2606732f0a20f522841cbd36da92 /sbin/ethtool
More information about the fedora-list
mailing list