WARNING: Trojan in Linux Satan Binaries

Author: Maciej Otreba (motreba_at_lnx1.boa.uni.torun.pl)
Date: Wed 19 Apr 1995 - 15:18:39 MET DST


The following warning appeared on com.os.linux.announce:

Olaf Kirch (okir_at_monad.swb.de) wrote:
: [This is a message from Joel S. Katz I received about half an hour ago.
: After forwarding it to the linux-security mailing list I received a report
: from a user that this is really true, and that his machine was broken
: into apparently exploiting this trapdoor. Olaf]

: ----------------------------------------------------------------------------

: SECURITY ALERT -- Trojan in Linux Satan Binaries

: ----------------------------------------------------------------------------

: It appears that someone with physical access to my computer inserted
: a Trojan into my release of the Linux Satan binaries. This definitely
: affects the versions downloaded from ftp.epinet.com and may affect those
: from other sites. At least 400 sites have ftp'd the trojan.

: This Trojan has not been exploited and will not be used.

: Briefly, if you downloaded Linux Satan Binaries from anywhere, to be
: safe, create a user named "suser" in your /etc/passwd file, set his password
: to "*" and his user number to 9955. This will disable the Trojan completely
: and Satan can still be used.

: You can obtain the latest info by fingering
: "satan_at_router.epinet.com". Mail regarding the trojan should be sent to the
: same address.

: Someone I know wanted to make some bizarre point about tools like
: Satan being useless in the hands of the technically unskilled. He obtained
: physical access to my machine when I was not in my lab and obtained my
: password from a log. (Stupid me, when I was having PPP problems, I told chat
: to log everything -- including my password!) Unfortunately, my PPP password
: is my Panix password (by their design).

: This person has no intentions of using the Trojan and only wanted to
: make a statement, not compromise people's security. When I checked for other
: tampered files by comparing my system to my last backup, I noticed a copy of
: the source of the trojan sitting in a directory that contains newbie help
: for Usenet. It is clear that only the author of the Trojan can exploit it.
: He is quite remorseful about what he has done.

: I will release more details including the source shortly. Right now,
: I want to give people a chance to secure their systems. If you have an
: "suser" line in your /etc/passwd file, you have been attacked. Change
: "suser"'s password to "*".

: If you don't have such a line, add one just to be safe -- the Trojan
: shuts down if "suser" already exists. Make it user number 9955, and set its
: password to "*".

: This problem does not affect any of the source releases. My sincere
: apologies to those whose system's security may have been compromised.

: Sincerely,
: Joel Katz <Stimpson_at_Panix.COM>
: (Address replies to satan_at_router.epinet.com)

: --
: Olaf Kirch | La tache du voyageur n'est pas de detruire des legendes,
: okir_at_monad.swb.de | c'est d'en creer... La realite, ce la monnaie de ceux
: | qui ne peuvent pas mentir. R. Dorgeles

--
                     _____________________________________________________
                     |                          /                        |
                     | Maciej Otreba           / Internet:               |
                     |------------------------/--------------------------|
                     | 87-116 Torun, POLAND  /	                         | 
                     | Dzialowskiego 4/4    / motreba_at_boa.uni.torun.pl   |	
                     | phone +48-56-485645 /http://lnx1.boa.uni.torun.pl |
                     |____________________/______________________________|
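
The check the advisory asks for, written out as an added example (it is not part of the original post or of any Satan release): classify the "suser" entry of a passwd-format file read from standard input. The function names, status words and sample lines are constructed for illustration; the post does not show what line the Trojan itself writes.

```shell
#!/bin/sh
# Added example: apply the advisory's "suser" check to passwd-format input.
#   ABSENT  - no suser line; the advisory says to add one (uid 9955, password "*").
#   LOCKED  - every suser line has password field "*", the state the advisory
#             says disables the Trojan. This cannot tell a line you added
#             yourself from one that was found and locked afterwards.
#   EXPOSED - a suser line has some other password field; per the advisory the
#             machine has been attacked and the password must be set to "*".

check_suser() {
    awk -F: '
        $1 == "suser" {
            n++
            if ($2 != "*") exposed = 1          # field 2 is the password field
            uids = uids (n > 1 ? "," : "") $3   # field 3 is the user number
        }
        END {
            if (!n) { print "ABSENT"; exit }
            state = exposed ? "EXPOSED" : "LOCKED"
            print state " uid=" uids
        }
    '
}

# Constructed sample passwd contents (not taken from any real system).
sample_passwd() {
    printf 'root:Xq1constructed:0:0:root:/root:/bin/sh\n'
    case "$1" in
        locked)  printf 'suser:*:9955:100::/:/bin/false\n' ;;
        exposed) printf 'suser:Zz9constructed:9955:100::/:/bin/sh\n' ;;
    esac
}

# Demonstration on the constructed samples.
for c in absent locked exposed; do
    printf '%-8s -> %s\n' "$c" "$(sample_passwd "$c" | check_suser)"
done
```

On a real machine the same function is run as `check_suser < /etc/passwd`.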


This archive was generated by hypermail 2.1.7 : Wed 19 May 2004 - 15:50:49 MET DST