4203:31337 (possible exploit?)
Mike -freebsd
mike.freebsd at gmail.com
Sat Nov 10 06:55:02 PST 2007
Guys, is anyone else seeing this?
Check for files with an unknown user or group:
/usr/ports
/usr/ports/Mk
/usr/ports/Mk/bsd.commands.mk
/usr/ports/Mk/bsd.apache.mk
[.....whole ports tree.....]
# ls -al /usr/
total 48
drwxr-xr-x 14 root wheel 512 Jun 27 20:01 .
drwxr-xr-x 23 root wheel 512 Nov 4 20:51 ..
lrwxr-xr-x 1 root wheel 10 Oct 14 14:45 X11R6 -> /usr/local
drwxr-xr-x 2 root wheel 7168 Nov 7 05:04 bin
drwxr-xr-x 2 root wheel 512 Oct 20 06:38 games
drwxr-xr-x 47 root wheel 4608 Oct 20 06:39 include
drwxr-xr-x 6 root wheel 8192 Oct 20 06:39 lib
drwxr-xr-x 5 root wheel 512 Jan 27 2007 libdata
drwxr-xr-x 5 root wheel 1536 Oct 20 06:39 libexec
drwxr-xr-x 14 root wheel 512 Oct 17 16:55 local
drwxr-xr-x 3 root wheel 512 Oct 20 14:13 obj
drwxr-xr-x 69 4203 31337 1536 Nov 9 13:59 ports
drwxr-xr-x 2 root wheel 4608 Oct 20 06:39 sbin
drwxr-xr-x 26 root wheel 512 Jan 27 2007 share
drwxr-xr-x 23 root wheel 1024 Oct 20 04:55 src
I see this on three of four FreeBSD 7 boxes and only on /usr/ports/
(why...?). Anyone else?
More information about the freebsd-ports
mailing list