RE: [cobalt-users] smbd2
- Subject: RE: [cobalt-users] smbd2
- From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Fri Jun 1 09:06:47 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> This is another entry which I found in my
> /etc/services file???
>
> # Local services
>
> swat 901/tcp #Add swat service used via inetd
>
> smbd2 54321/tcp # Samba
You've been cracked.
That is, as far as I remember, symptomatic of the recently (massively)
exploited BIND hole being used to gain entry via one or another rootkit. The
smbd in question is a modified telnet daemon which, when used with either
the TERM env. variable set to "owned" or with a password of "Sh!t" will give
you root.
Ouch.
Back up the data, rebuild the box. It's the only way forward.
Graeme
--
Graeme Fowler
Systems Administrator
Host Europe Group plc
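
An added example, not part of the original message: one way to catch the symptom discussed above is to cross-check the enabled `inetd.conf` entries against `/etc/services` and a known-good baseline, flagging any inetd listener whose name or port the baseline does not contain. The `inetd.conf` lines, the baseline, the placeholder binary path, and the premise that the rogue service is started from inetd are assumptions constructed for illustration.

```python
# Added example: audit inetd listeners against a known-good baseline.
# All sample data is constructed; a real baseline comes from a clean install.

def parse_services(text):
    """Map (name or alias, proto) -> port from /etc/services content."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:
                table[(name, proto)] = int(port)
    return table

def parse_inetd(text):
    """Yield (service, proto, user, server) for enabled inetd.conf entries."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # commented-out lines vanish
        if len(fields) >= 6:                     # name type proto wait user server
            yield fields[0], fields[2], fields[4], fields[5]

def audit(services_text, inetd_text, baseline):
    """Return inetd listeners whose name/port pair is absent from the baseline."""
    services = parse_services(services_text)
    findings = []
    for name, proto, user, server in parse_inetd(inetd_text):
        port = services.get((name, proto))
        if port is None or baseline.get((name, proto)) != port:
            findings.append((name, port, proto, user, server))
    return findings

SERVICES = """\
telnet 23/tcp
# Local services
swat 901/tcp #Add swat service used via inetd
smbd2 54321/tcp # Samba
"""
INETD = """\
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
swat stream tcp nowait.400 root /usr/sbin/swat swat
smbd2 stream tcp nowait root /path/to/unknown-binary smbd2
"""
BASELINE = {("telnet", "tcp"): 23, ("swat", "tcp"): 901}

if __name__ == "__main__":
    for finding in audit(SERVICES, INETD, BASELINE):
        print("unexpected inetd listener:", finding)
```

A finding only shows that the configuration differs from the baseline; on a host that may already be compromised, run the check from trusted media against copies of the files.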