RCS wrote:
>I have no idea how the root password on my FreeBSD 4.0 system was
>changed, only I have access to it and I have only SMTP (sendmail
>8.12.1), POP3 (qpopper), apache 1.3.26 and BIND 8.2.3. Everything else
>is restricted by ACLs at the router.
>
>I had to enter single user mode and change it today.
>
>I have thoroughly checked running processes and the logs and there is
>nothing suspicious.
>
>Please give me your opinion on what could have caused this.
>
>Thanks
>
>--
>Roberto Cardona Jr.
>IT/IS Manager
>Corporate Office Centers | http://www.corporateofficecenters.com
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com

Versions of sendmail, apache & BIND that you're running aren't the latest and possibly contain buffer overflows or other vulnerabilities. Maybe it's time to start patching :p ?

Also, you might want to change console line in /etc/ttys to `unsecure` as it's quite easy for someone to reboot your server into single-user & do what you did (i.e. change the root passwd back).
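The console setting suggested in the reply can be audited with a short script. This is an added example, not code from the thread; ttys(5) spells the flag `insecure`, and the sample file contents, function names and the rule that a console entry without `secure` counts as insecure are assumptions of the example.

```python
import re
import shlex

# Constructed sample in ttys(5) layout; not taken from the poster's system.
SAMPLE_TTYS = """\
# name  getty                          type    status
console none                           unknown off secure
ttyv0   "/usr/libexec/getty Pc"        cons25  on  secure
ttyd0   "/usr/libexec/getty std.9600"  dialup  off secure
ttyp0   none                           network
"""

def parse_ttys(text):
    """Map each tty name to the set of status flags on its ttys(5) line."""
    entries = {}
    for line in text.splitlines():
        # shlex keeps the quoted getty command as one field and drops # comments
        fields = shlex.split(line, comments=True)
        if len(fields) >= 2:
            entries[fields[0]] = set(fields[3:])  # name, command, type, flags...
    return entries

def console_prompts_for_password(text):
    """True if single-user boot asks for the root password, None if no console entry.

    Assumption: any console entry lacking the `secure` flag is treated as insecure.
    """
    flags = parse_ttys(text).get("console")
    return None if flags is None else "secure" not in flags

def harden_console(text):
    """Return the text with `secure` replaced by `insecure` on the console line only."""
    out = []
    for line in text.splitlines(keepends=True):
        if line.split()[:1] == ["console"]:
            # \b does not match inside "insecure", so the edit is idempotent
            line = re.sub(r"\bsecure\b", "insecure", line)
        out.append(line)
    return "".join(out)

if __name__ == "__main__":
    print("before:", console_prompts_for_password(SAMPLE_TTYS))
    print("after: ", console_prompts_for_password(harden_console(SAMPLE_TTYS)))
```

On a real host, pass the contents of /etc/ttys to `console_prompts_for_password` and review the output of `harden_console` before writing it back.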
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 11:46:06 PST