IRIX "gr" core dumps

From: Geoff Galitz (galitzat_private)
Date: Sat Oct 06 2001 - 16:24:44 PDT

  • Next message: Alvaro Soto: "RE: new pop3 exploit out?"

    We have a hacked IRIX box where the intruder hijacked a
    user password then apparently attacked the box locally via
    a buffer overflow.  We found a series of core dumps in the
    hijacked user directory generated by "gr."
    
    Unfortunately, I cannot find any references to what gr actually
    is or a known exploit for it.  Perhaps someone on the list
    has more information on this?
    
    -geoff
    
    
    ----------------------------------------------------------------------------------
    Geoff Galitz                               |
    UC Berkeley                             |             D'oh!
    galitzat_private   |
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Oct 07 2001 - 15:47:31 PDT