chfn, date, chsh INFECTED according to chkrootkit

probsd org probsdorg at yahoo.com
Wed Aug 18 05:20:20 PDT 2004


I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and
noticed that chfn, date, and chsh showed as being
infected. I remember reading posts from the past that
right now chkrootkit is giving a lot of false
positives, so I suspected that these 3 binaries are
not bad.

However, to be on the safe side, I deleted the 3
binaries, removed /usr/src and did a 'make world' to
4.10-STABLE.
 
But chfn, chsh, and date are still showing as
infected.

Is my assumption that I am seeing a false positive
correct, or does anyone know of an exploit that would
affect these 3 binaries ( and even after a 'make
world' from clean src )?

Michael




	
		