chkrootkit
Tim Robbins
tjr at freebsd.org
Wed May 5 03:27:40 PDT 2004
On Wed, May 05, 2004 at 02:54:44AM -0700, jeff wrote:
> The latest version of chkrootkit marks 3 files as being "INFECTED"; "chfn
> chsh date"
> The system is FreeBSD 4.10-BETA #2: Sun Apr 18 00:31:19 PDT 2004
>
> These files are not detected correctly by the chkrootkit program or all my
> 4.10 boxes have been "owned" or the source has been compromised.
This is a known bug in chkrootkit. For one reason or another, it seems to
break every time a new version of FreeBSD is released. The problem was
discussed recently on the security list[1] and the resolution was that it
will be fixed in the next release of chkrootkit.
[1] http://marc.theaimsgroup.com/?l=freebsd-security&m=108359366700515&w=2
Tim
More information about the freebsd-stable
mailing list