[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
syslogd security ?
From: |
Alain Magloire |
Subject: |
syslogd security ? |
Date: |
Thu, 23 Nov 2000 23:58:36 -0500 (EST) |
Bonjour
Good news, cast is off ... ye !!! A few physio workout and I'm
back rocking.
Bad news, my machine's been crack. I left my machine
running as a way to test the inetutils tools, ftp rlogin etc ...
except that I forgot to update inetd and syslogd. So
both(ined and syslogd) were the default stock from Red Hat 6.1 (or
was it 5.2 ???)
Now I can not confirm is this was a syslogd buffer overflow
thing or another inetd services ...
Speculation ?
In any case excerpt from a syslogd messages:
---------------syslogd /var/log/messages ---------------------------
Nov 20 15:08:12 reliant
Nov 20 15:08:12 reliant syslogd: Cannot glue message parts together
Nov 20 15:08:12 reliant 173>Nov 20 15:08:12 rpc.statd[504]: gethostbyname error
******** Followed by a big blurb of non printable characters ..
Nov 20 15:09:11 reliant useradd[27892]: new group: name=proc, gid=3108
Nov 20 15:09:11 reliant useradd[27892]: new user: name=proc, uid=3108, gid=3108,
home=/home/proc, shell=/bin/bash
Nov 20 15:09:16 reliant PAM_pwdb[27893]: password for (proc/3108) changed by ((n
ull)/0)
Nov 20 15:09:39 reliant PAM_pwdb[27895]: (login) session opened for user proc by
alain(uid=0)
---------------syslogd /var/log/messages ---------------------------
--
au revoir, alain
----
Aussi haut que l'on soit assis, on est toujours assis que sur son cul !!!
- syslogd security ?,
Alain Magloire <=