[ale] Hacked

Chris Ricker kaboom at gatech.edu
Mon Dec 7 14:11:51 EST 1998


On Mon, 7 Dec 1998, Mike Kachline wrote:

> On Mon, 7 Dec 1998, Matthew Brown wrote:
> 
> > 1.    Does anyone know what the 'wheel' group is for?  Might this have been
> > installed as an initial system user?
> 	Though I still don't know exactly which services use the "wheel" 
> group, I do know that it is a suid group. I think some versions of lpd use
> (or used) it.

Originally, I believe, wheel was a group to put users in who were
Semi-Important People and needed to be able to su to root.  Some flavors of
unix still only allow su - root from members of wheel.

It's a group that's made out of the box during install.

> > 2.    Can anyone tell me how I might've been hacked through IMAPD?
> <snip>
> 	Take a look at: http://www.cert.org/advisories/. I do know that
> you are probably not the only one who got hacked. Both of the Linux boxes
> which I manage had several imapd attacks attempted on them by various
> sites within the past week or so. Apparently some new imapd attack has
> been quite popular.

There's a currently-popular exploit for the imapd which shipped with RedHat
5.0 / 5.1.  RH's had security updates for it on their site for ages, but all
too often people don't bother installing the patches.

later,
chris

--
Chris Ricker                                            kaboom at gatech.edu
                                               chris.ricker at m.cc.utah.edu





