Re: IRIX "gr" core dumps

From: Dino (slayer67at_private)
Date: Sun Oct 07 2001 - 17:04:34 PDT

  • Next message: Ray: "Re: repeated zone transfer denied"

    http://www.dsinet.org/tools/exploits/irix-exploits/gr.c
    
    this may be exploit. If so its old.
    
    Dino
    
    
    Subject: IRIX "gr" core dumps
    
    
    >
    > We have a hacked IRIX box where the intruder hijacked a
    > user password then apparently attacked the box locally via
    > a buffer overflow.  We found a series of core dumps in the
    > hijacked user directory generated by "gr."
    >
    > Unfortunately, I cannot find any references to what gr actually
    > is or a known exploit for it.  Perhaps someone on the list
    > has more information on this?
    >
    > -geoff
    >
    >
    > --------------------------------------------------------------------------
    --------
    > Geoff Galitz                               |
    > UC Berkeley                             |             D'oh!
    > galitzat_private   |
    >
    > --------------------------------------------------------------------------
    --
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sun Oct 07 2001 - 22:13:39 PDT