[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Re: crond recently patched?
- Subject: Re: [cobalt-security] Re: crond recently patched?
- From: "lists" <lists@xxxxxxxxxxxxxxxx>
- Date: Wed, 3 Mar 2004 15:46:00 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
cli.c is the client side to suckit rootkit--which I had removed today..
would you mind sharing with me what you did to replace crond with a refresh-untouched
version??
thanks
dave
----- Original Message -----
From: "Mark Mitchenall" <mark@xxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Wednesday, March 03, 2004 3:38 PM
Subject: [cobalt-security] Re: crond recently patched?
:
: On 3 Mar 2004, at 20:00, cobalt-security-request@xxxxxxxxxxxxxxx wrote:
:
: > Curious, this looks suspecious..
: >
: > [root admin]# ls -la /usr/sbin/crond=20
: > -rwxr-xr-x 1 root root 26636 Feb 3 13:53 /usr/sbin/crond
: > [root admin]#=20
: >
: > I dont recall applying any patches to crond..
: >
: > What should the normal one be, and where can I get it (for raq550)
:
: I'm not sure, but you might want to go looking for a file called
: 'cli.c' just in case. One of our servers got attacked recently, and
: the contents of this cli.c file were compiled into crond with
: potentially nasty side-effects.
:
: Best,
:
: Mark
: --
: Mark Mitchenall, Standingwave Ltd
: (Complete Hosting and Development Services)
:
: Tel := +44 (0)20 8452 3031
: Email := mark@xxxxxxxxxxxxxxxxxx mark@xxxxxxxxxxxxxx
: Home := http://www.standingwave.co.uk http://www.mitchenall.com
:
: _______________________________________________
: cobalt-security mailing list
: cobalt-security@xxxxxxxxxxxxxxx
: http://list.cobalt.com/mailman/listinfo/cobalt-security
: