IRIX "gr" core dumps

From: Geoff Galitz (galitzat_private)
Date: Sat Oct 06 2001 - 16:24:44 PDT

Next message: Alvaro Soto: "RE: new pop3 exploit out?"

Previous message: spaceork: "Re: port 22->port 22 scans"
Next in thread: Dino: "Re: IRIX "gr" core dumps"
Reply: Dino: "Re: IRIX "gr" core dumps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We have a hacked IRIX box where the intruder hijacked a
user password then apparently attacked the box locally via
a buffer overflow.  We found a series of core dumps in the
hijacked user directory generated by "gr."

Unfortunately, I cannot find any references to what gr actually
is or a known exploit for it.  Perhaps someone on the list
has more information on this?

-geoff


----------------------------------------------------------------------------------
Geoff Galitz                               |
UC Berkeley                             |             D'oh!
galitzat_private   |

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Alvaro Soto: "RE: new pop3 exploit out?"
Previous message: spaceork: "Re: port 22->port 22 scans"
Next in thread: Dino: "Re: IRIX "gr" core dumps"
Reply: Dino: "Re: IRIX "gr" core dumps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Oct 07 2001 - 15:47:31 PDT