Mailinglist Archive: opensuse-security (300 mails)
hack - installing "bi" in /tmp ??
- From: Dirk Kutsche <dk@xxxxxxxxxx>
- Date: Wed, 25 Dec 2002 00:53:28 +0100
- Message-id: <3E08F378.68E64080@xxxxxxxxxx>
Hi,
I found a program "bi" in /tmp - owner wwwrun, group nobody. Nothing in
the logs. 2.4.10-4GB
Looks like a hack via apache. Do you know anything similar?
strings bi gets the following output:
/lib/ld-linux.so.2
__gmon_start__
libc.so.6
strcpy
waitpid
ioctl
printf
stdout
execve
memcpy
perror
__cxa_finalize
dup2
socket
select
fflush
bzero
setpgid
accept
write
kill
bind
__deregister_frame_info
chdir
memchr
signal
read
htonl
listen
fork
sprintf
htons
exit
_IO_stdin_used
__libc_start_main
strlen
open
vhangup
setsid
__register_frame_info
close
GLIBC_2.1.3
GLIBC_2.0
pqrstuvwxyzabcde
0123456789abcdef
/dev/ptmx
/dev/pty
/dev/tty
socket
bind
listen
Daemon is starting...
OK, pid = %d
/dev/null
/tmp
HOME=%s
Can't fork pty, bye!
/bin/sh
Regards, Dirk
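
A triage sketch for strings output like the one posted above, added here as an example and not part of the original message. It groups imported symbols and string literals into behaviour categories and reports which ones are present; the category table, the hit threshold and the function names are assumptions made for illustration.

```python
# Added example: classify `strings` output by behaviour group.
# The groups and the threshold are illustrative assumptions, not a standard.
INDICATORS = {
    "network listener": {"socket", "bind", "listen", "accept"},
    "daemonizes": {"fork", "setsid", "setpgid", "chdir"},
    "allocates a pty": {"/dev/ptmx", "/dev/pty", "/dev/tty", "vhangup"},
    "runs a shell on redirected stdio": {"dup2", "execve", "/bin/sh"},
}

# Constructed sample: a subset of the lines quoted in the post.
SAMPLE = """libc.so.6
execve
dup2
socket
setpgid
accept
bind
chdir
listen
fork
vhangup
setsid
/dev/ptmx
/dev/pty
/dev/tty
Daemon is starting...
/bin/sh
"""

# Constructed sample: what an ordinary network client might import.
BENIGN = "socket\nconnect\nprintf\nread\nwrite\nexit\n"


def triage(strings_output, min_hits=3):
    """Return {group: matched strings} for each group with >= min_hits matches."""
    seen = {line.strip() for line in strings_output.splitlines()}
    report = {}
    for label, wanted in INDICATORS.items():
        hits = sorted(wanted & seen)
        if len(hits) >= min_hits:
            report[label] = hits
    return report


def looks_like_listening_shell(strings_output):
    """True only when every behaviour group is present."""
    return len(triage(strings_output)) == len(INDICATORS)


if __name__ == "__main__":
    for group, hits in triage(SAMPLE).items():
        print(f"{group}: {', '.join(hits)}")
```

A match on all four groups is a reason to preserve the file and inspect the host, not proof of what the binary does; symbol names alone say nothing about the port or how the file arrived.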