security issue

Hugh Rutledge hugh at descartes.intlpress.com
Fri Jun 4 06:23:43 EDT 1999


My system was compromised through the method documented at

http://www.cert.org/advisories/CA-99-03-FTP-Buffer-Overflows.html

taking use of my anonymous incoming ftp access and a mkdir ability.

I have updated to wu-ftp_2.5.0 but would like to do a good quick check to
see whether any trojan horse was left behind.

Any recommendations?

Hugh Rutledge

************************************************************
International Press is the editor of
Advances in Theoretical and Mathematical Physics
Asian Journal of Mathematics
Methods and Applications of Analysis
Journal of Combinatorics-- the print version of the Electronic 
	Journal of Combinatorics

contact us at:
journals at descartes.intlpress.com
fax 617-491-6779
phone 617-491-6560


On Fri, 4 Jun 1999, Noah Fields wrote:

> I did setup eth0 to use dchp under RedHat 5.0 with RCN's cable modem
> service. Its a bit of a blur now, but here we go.
> 
> I think at the time I used the "Control Panel" which is part of the default
> window manager layout for root (yeah yeah, I ran startx as root, but hey,
> it was a fresh out of the box RedHat Installation.... )  Any way, there was
> a place to configure networking, and it must have been farly obvious,
> because I stumbled through that with the RCN guy there, and managed to make
> it look like I had done it before (which I had not)...
> 
> Any way, I believe that RedHat used that information to write the files in
> /etc/sysconfig/network and /etc/sysconfig/network-scripts/eth0 and the like
> for  the network startup stuff.
> 
> Another thing I remember is that we had to turn off  the cable modem for 20
> seconds at one point, and the details of why we did this are a bit sketchy
> to me...
> 
> I am sorry, I should have taken better notes...
> 
> - Noah
> 
> 
> 
> At 10:01 AM -0400 6/4/99, Jerry Feldman {75562} wrote:
> >I received this from a friend of mine who uses Red Hat with a Cable
> >Modem. I am not receiving email from discuss here today, so please forgive
> >if this is already answered.
> >
> >I believe rcn works the same as mediaone, you need to send it your hostname
> >before it will respond, hence eth0 will fail on startup and not show up.
> >Modify /sbin/ifup and add to the dhcpcd line  a -h and the hostname
> >assigned by the cable company.  example: dhcpcd -h r2d2
> >
> >I assume his references to "control panet" he means linuxconf
> >There are more drivers at red hat's ftp site, but some sort of driver must
> >be in place or eth0 would not have showed up. The linux install
> >program list a lot of ethernet controllers, he must have selected one?
> >> Wass wrote:
> >> >
> >> > Greetings everybody,
> >> >
> >> >         I'm a relative linux newbie, though I've been using various unices
> >> > for the past 5 years.  All this administration stuff is new to me.  I just
> >--
> >Jerry Feldman (HP On-Site Consultant) http://gbrweb.msd.ray.com/~gzf/
> >+-------------------------------------------------------+-----Note: ------+
> >| Raytheon Electronic Systems  (W) (781)999-1837/1-1837 | My views may not|
> >| Mail Stop:  S3SG10           (F) (781)999-3572/1-3572 | reflect the     |
> >| 180 Hartwell Road            (E) gzf at gbr.msd.ray.com  | views of my     |
> >| Bedford, MA 01730-2498       (H) gaf at mediaone.net     | employer.       |
> >+-------------------------------------------------------+-----------------+
> >
> >-
> >Subcription/unsubscription/info requests: send e-mail with
> >"subscribe", "unsubscribe", or "info" on the first line of the
> >message body to discuss-request at blu.org (Subject line is ignored).
> 
> ___________________________________________________________________
> Noah Fields :: noah at concord.org :: W 978.371.3480 :: C 617.699.4044
> ___________________________________________________________________
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
> 

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list