[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

syslogd security ?

From: Alain Magloire
Subject: syslogd security ?
Date: Thu, 23 Nov 2000 23:58:36 -0500 (EST)


Good news, cast is off ... ye !!! A few physio workout and I'm
back rocking.

Bad news, my machine's been crack.  I left my machine
running as a way to test the inetutils tools, ftp rlogin etc ...
except that I forgot to update inetd and syslogd.  So
both(ined and syslogd) were the default stock from Red Hat 6.1 (or
was it 5.2 ???)
Now I can not confirm is this was a syslogd buffer overflow
thing or another inetd services ...

Speculation ?

In any case excerpt from a syslogd messages:

---------------syslogd /var/log/messages ---------------------------
Nov 20 15:08:12 reliant
Nov 20 15:08:12 reliant syslogd: Cannot glue message parts together
Nov 20 15:08:12 reliant 173>Nov 20 15:08:12 rpc.statd[504]: gethostbyname error

******** Followed by a big blurb of non  printable characters ..

Nov 20 15:09:11 reliant useradd[27892]: new group: name=proc, gid=3108
Nov 20 15:09:11 reliant useradd[27892]: new user: name=proc, uid=3108, gid=3108,
 home=/home/proc, shell=/bin/bash
Nov 20 15:09:16 reliant PAM_pwdb[27893]: password for (proc/3108) changed by ((n
Nov 20 15:09:39 reliant PAM_pwdb[27895]: (login) session opened for user proc by
---------------syslogd /var/log/messages ---------------------------
au revoir, alain
Aussi haut que l'on soit assis, on est toujours assis que sur son cul !!!

reply via email to

[Prev in Thread] Current Thread [Next in Thread]