We have a hacked IRIX box where the intruder hijacked a user password then apparently attacked the box locally via a buffer overflow. We found a series of core dumps in the hijacked user directory generated by "gr." Unfortunately, I cannot find any references to what gr actually is or a known exploit for it. Perhaps someone on the list has more information on this? -geoff ---------------------------------------------------------------------------------- Geoff Galitz | UC Berkeley | D'oh! galitzat_private | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Oct 07 2001 - 15:47:31 PDT