Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Bugtraq: s-bits disappear ?

s-bits disappear ?

From: Bernd Lehle <Bernd.Lehle_at_RUS.Uni-Stuttgart.DE>
Date: Wed, 11 Oct 1995 15:45:44 +0100

Hello,

today I had a strange experience on an IRIX 5.3 system.

I realized that the normal bunch of mails from the states had not come
in overnight. I checked if sendmail was still running when I realized
that ps would not give me the information ("insufficient permision").
I tried to become root by "su" which also would not let me ("insuf-
ficient permission"). After a puzzling search I took the machine in
single user mode to shield off a possible attack.

The following investigation yielded: The s-bits of /sbin/ps, /sbin/su
and /bin/mail had disappeared. I thought of Trojan Horses and compared
the checksums with sum and MD5 against secure binaries on a different
system some place else. There was no difference.

So I am not sure if this was a hacking attempt or a OS bug.

Anyone seen this before ? 

--
> Bernd Lehle - Stuttgart University Computer Center * A supercomputer <
>       Visualization / SFB 382 / Astrophysics       *  is a machine   <
> lehle_at_rus.uni-stuttgart.de   Tel:+49-711-685-2047  *  that runs an   <
>   http://www.tat.physik.uni-tuebingen.de/~lehle    *  endless loop   <
>  pgp? -> finger bernd_at_visbl.rus.uni-stuttgart.de   *  in 2 seconds   <
Received on Oct 11 1995
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]