[ale] Hacked
Chris Ricker
kaboom at gatech.edu
Mon Dec 7 14:11:51 EST 1998
On Mon, 7 Dec 1998, Mike Kachline wrote:
> On Mon, 7 Dec 1998, Matthew Brown wrote:
>
> > 1. Does anyone know what the 'wheel' group is for? Might this have been
> > installed as an initial system user?
> Though I still don't know exactly which services use the "wheel"
> group, I do know that it is a suid group. I think some versions of lpd use
> (or used) it.

Originally, I believe, wheel was a group to put users in who were
Semi-Important People and needed to be able to su to root. Some flavors of
unix still only allow su - root from members of wheel.
It's a group that's made out of the box during install.

> > 2. Can anyone tell me how I might've been hacked through IMAPD?
> <snip>
> Take a look at: http://www.cert.org/advisories/. I do know that
> you are probably not the only one who got hacked. Both of the Linux boxes
> which I manage had several imapd attacks attempted on them by various
> sites within the past week or so. Apparently some new imapd attack has
> been quite popular.

There's a currently-popular exploit for the imapd which shipped with RedHat
5.0 / 5.1. RH's had security updates for it on their site for ages, but all
too often people don't bother installing the patches.

later,
chris
--
Chris Ricker kaboom at gatech.edu
chris.ricker at m.cc.utah.edu