-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On October 23, openssl-brute.tgz was added to the Packet Storm exploit tool section. This is an OpenSSL remote exploit tool for OpenSSL versions 0.9.6d and below running under Linux and BSD, with brute forcing capability added to it. It appears to work normally when run as a normal user. However if run as root it creates the following files in /tmp: .t - FTP script that attempts to FTP files to ftp.angelfire.com .js - /etc/passwd /etc/shadow .jp - /etc/shadow .file - Output of netstat -ant .d - Output of netstat -ant Also adds an account named "postgres". The file in question is available for analysis at http://packetstormsecurity.org/removed. The file openssl-brute.tgz has the following MD5 hash: 221b200e29956489c5a5baff2b532a1f The Packet Storm staff sincerely apologizes for any inconvenience this has caused. We would also like to thank Rootkid for the timely notification of the problem. *** "Our security is not a matter of weapons alone. The arm that wields them must be strong, the eye that guides them clear, the will that directs them indomitable." Franklin D. Roosevelt Emerson Tan http://www.packetstormsecurity.org directorat_private PGP public key from http://pgpkeys.mit.edu, or on request PGP key fingerprint: 7A34 BF8D F7AB A6FC F242 80F9 5896 5A2E E23D 05AD -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.2 Comment: Using PGP with Mozilla - http://enigmail.mozdev.org iQA+AwUBPblTqViWWi7iPQWtEQJuDQCYjKty6xiAMElTjpWjJJEbUf6LhwCdE63o /jYqVMm2OdzSWwDVTLQ06Jk= =KGkZ -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Oct 25 2002 - 09:38:48 PDT