All the Perl that's Practical to Extract and Report

  • Do you run CVS pserver as root? In this case a "hacker" could create a CVS login entry which can give him/her root rights.

    For example:

    # access CVS as root with alternative password
    root:HACKER'S_CRYPTED_PASSWORD
    # alias some CVS login name to root UID
    hacker:HACKER'S_CRYPTED_PASSWORD:root

    Have you checked whether the commitinfo/loginfo/etc. files have not been modified? They can be used to run arbitrary code.

    You may want to check that you don't have any rootkits on your computer. Try www.chkrootkit.org.

    --

    Ilya Martynov (http://martynov.org/)

    • Here's the log entry in its entirety:
      Date:   Saturday May 18, 2002 @ 8:10
      Author: cvs-axkit
       
      Update of /home/cvs/CVSROOT
      In directory ted:/tmp/cvs-serv32715
       
      Modified Files:
              passwd
      Log Message:
      hmm, try that again
       
      Index: passwd
      ===================================================================
      RCS file: /home/cvs/CVSROOT/passwd,v
      retrieving revision 1.1
      retrieving revision 1.2
      diff -b -u -r1.1 -r1.2
      --- passwd      2002/05/18 07:06:38     1.1
      +++ passwd      2002/05/18 07:10:04     1.2
      @@ -1 +1 @@
      -anoncvs:$1$Iwe7W4bv$mREI4jyErj0HJ9rc5v.cx1
      +anoncvs:tcZodyFvFXejw
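
      Review bot: the `+anoncvs:tcZodyFvFXejw` line replaces an MD5-crypt (`$1$`) hash with a 13-character string in traditional DES crypt format, which is a weaker hash format than the one it removes; if the change is legitimate, set the new password with a `$1$` hash again. The entry has no third field, so pserver runs `anoncvs` sessions as the system account of the same name, and that account should be confirmed as unprivileged. The log message "hmm, try that again" does not say why a credential changed, and the committer is `cvs-axkit`, an account other than the one being changed, so revision 1.2 should be treated as unverified until an administrator confirms it. Because passwd is versioned here (`/home/cvs/CVSROOT/passwd,v`), both hashes also end up in the commit log and history; consider keeping passwd out of version control and rotating the anoncvs password.
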
      Checking for rootkits now.
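
An added example (not part of the thread and not CVS's own code): a small audit of CVSROOT/passwd that flags the two things raised above, entries that run as root (directly or through the third-field alias) and entries whose password field is empty or in the older 13-character crypt format. The sample file, its placeholder hashes and the PRIVILEGED set are constructed assumptions.

```python
import re

# Constructed sample CVSROOT/passwd; the hash strings are placeholders.
SAMPLE = """\
# login:crypted_password[:system_user]
anoncvs:$1$CONSTRUCTED$placeholderplaceholder00
root:abCONSTRUCTED
hacker:abCONSTRUCTED:root
build::builder
alice:$1$CONSTRUCTED$placeholderplaceholder00:cvsuser
"""

# Assumption: accounts treated as privileged on this host; extend as needed.
PRIVILEGED = {"root"}

def classify_hash(value):
    """Label the hash format of a passwd field by its shape only."""
    if value == "":
        return "empty"
    if value.startswith("$"):
        return "modular"   # $id$salt$hash, e.g. $1$ for MD5-crypt
    if re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "des"       # 2-char salt + 11-char traditional crypt output
    return "unknown"

def audit(text, privileged=PRIVILEGED):
    """Return (line_number, login, issue) tuples for risky entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        login = fields[0]
        crypted = fields[1] if len(fields) > 1 else ""
        # Without a third field, pserver runs as the system user named like the login.
        run_as = fields[2] if len(fields) > 2 and fields[2] else login
        if run_as in privileged:
            findings.append((lineno, login, f"runs as {run_as}"))
        kind = classify_hash(crypted)
        if kind == "empty":
            findings.append((lineno, login, "empty password field"))
        elif kind in ("des", "unknown"):
            findings.append((lineno, login, f"{kind} hash format"))
    return findings

if __name__ == "__main__":
    for lineno, login, issue in audit(SAMPLE):
        print(f"passwd:{lineno}: {login}: {issue}")
```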