[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] crond recently patched?

Subject: Re: [cobalt-security] crond recently patched?
From: Dmitry Alexeyev <dmi_a@xxxxxxxxxx>
Date: Thu, 4 Mar 2004 01:57:25 +0300
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello,

First, before checking cron, run chkproc -v from chkrootkit; let me know 
if you don't have one... 

If it yells about hidden processes, it is infected with SuckIt root kit. 

I've seen many raqs already infected with this backdoor. 

WBR,
Dmitry
> Curious, this looks suspecious..
> 
>
> [root admin]# ls -la /usr/sbin/crond
> -rwxr-xr-x    1 root     root        26636 Feb  3 13:53
> /usr/sbin/crond [root admin]#
>
> I dont recall applying any patches to crond..
>
> What should the normal one be, and where can I get it (for raq550)
>
> thanks
> dave

References:
- [cobalt-security] crond recently patched?
  - From: lists

Prev by Date: [cobalt-security] Re: crond recently patched?
Next by Date: Re: [cobalt-security] Re: crond recently patched?
Previous by thread: [cobalt-security] crond recently patched?
Next by thread: [cobalt-security] Re: crond recently patched?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index