Re: [Nolug] local exploits for FreeBSD??

From: Joey Kelly <looseduk_at_ductape.net>
Date: Thu, 3 Jan 2002 10:36:13 +0000
Message-Id: <0201031036130J.30300@rahab>

Thou spake:

That's entirely possible, but we haven't heard anything about the version(s)
that we run.

The thing is, one of the lamers bought a shell from the provider in order to
do his dirty deeds. He was boasting to us on irc about his takeover, and he
had a connection that came from the same box that the eggdrop was on. We
notified the box admin, who admitted to us that the lamer in question had
just gotten his account terminated for doing other taboo things on the shell,
running stuff that the admin took offense at. We weren't told all he was up
to, though.

Apparently the provider doesn't think he got rooted, and was rather arrogant
when emailed last night about that possibility (in reference to needing root
privileges in order to sniff). Perhaps the arrogance was a smokescreen to
hide the fact that the box had in fact been rooted. Dunno, really.

At any rate, we have instituted a policy of tightening down our commercial
shells --- file privileges, etc., and also we are reviewing our channel
security policies, etc.

--Joey

>
>Of course, eggdrop itself could have exploitable flaws which would
>allow a remote user to access and compromise it. Then a "sniff" would
>not have necessarily occurred.
>
>> Joey Kelly wrote:
>> > Anyone know of any local exploits for FreeBSD? In particular,
>> > FreeBSD 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #2
>> > Here's the deal... one of our eggdrop shells was sniffed. Scott says
>> > that the only way to sniff is to have elevated privileges, to put
>> > the nic into promiscuous mode.
>> > Anyone have any thoughts about this?
>>
>> You do need to have privileges to run a sniffer on FreeBSD for
>> programs like "sniff", "sniffit", "queso", etc.
>>
>> --
>> Since-beer-leekz, |If this were an actual emergency, Mikey
>>
>> |we would have all fled in terror
>>
>> http://24.17.118.246:81 |and you would not have been notified
>>
>> ___________________
>> Nolug mailing list
>> nolug@nolug.org

-- 
Joey Kelly
< Minister of the Gospel | Computer Networking Consultant >
http://joeykelly.dhs.org
"When Government fears the people, it's liberty.
When people fear the Government, it's tyranny."
-- Benjamin Franklin
Ich möchte ein Berliner.
Received on 01/03/02