Bug 7528 - hack into base Red Hat 6.0 install
Summary: hack into base Red Hat 6.0 install
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: bind
Version: 6.0
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 1999-12-03 03:20 UTC by Umair Hoodbhoy
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-12-08 15:21:58 UTC



Description Umair Hoodbhoy 1999-12-03 03:20:45 UTC
I had a fresh Red Hat 6.0 install and had commented out the telnet line of
/etc/inetd.conf. Yet, I came to know that my machine got hacked and anyone
could gain root access without a username/passwd prompt just by doing
'telnet <host> <port>' where the <port> was a string, not a number. Is this
a common bug? What exact security patches do I need to prevent this from
happening again? Thanks.

Comment 1 Umair Hoodbhoy 1999-12-03 03:22:59 UTC
I forgot to mention: the bug tracker won't allow me to enter this as 'Component
Text' so I'm sending this under 'bind' component.

Comment 2 Bernhard Rosenkraenzer 1999-12-08 15:21:59 UTC
Someone almost certainly started a daemon to allow this, or modified your
inetd.conf.
To give you any more details, I'd need to know which string was used, as ports
*can* be specified as strings (the translation to port numbers is done by
looking into /etc/services).
This particular entry was almost certainly an exploit of a "service" the hacker
started on your machine before that (probably something along the lines of
adding

    something stream tcp nowait root /bin/bash

to /etc/inetd.conf).

There are two known security bugs in Red Hat Linux 6.0; one is in wu-ftpd, the
other is in bind. Update to the current versions of wu-ftpd and bind, and
triple-check your system for trojan horses.
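
Added example (not part of the original bug thread, and not Red Hat's own tooling): a minimal audit of the two files Comment 2 names, listing active inetd.conf entries whose server program is a shell and resolving each service name to its port through the services table. The sample file contents, the port number 5002 and the function names are constructed for illustration.

```python
import os

# Interpreters that should never be the server program of an inetd service.
SHELLS = {"sh", "bash", "ash", "csh", "tcsh", "ksh", "zsh"}

def parse_services(text):
    """Map (name-or-alias, proto) to port number, as /etc/services lists them."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:
            table[(name, proto)] = int(port)
    return table

def audit_inetd(inetd_text, services_text):
    """Return (service, port, user, program) for active entries that run a shell."""
    services = parse_services(services_text)
    findings = []
    for line in inetd_text.splitlines():
        fields = line.split("#", 1)[0].split()  # commented-out entries vanish here
        if len(fields) < 6:
            continue
        service, proto, user, program = fields[0], fields[2], fields[4], fields[5]
        # Field 6 is the server path; field 7 is the real server when tcpd wraps it.
        if any(os.path.basename(f) in SHELLS for f in fields[5:7]):
            findings.append((service, services.get((service, proto)), user, program))
    return findings

# Constructed sample files (not taken from the reporter's machine).
SAMPLE_SERVICES = """\
ftp        21/tcp
telnet     23/tcp
something  5002/tcp   # constructed port number
"""
SAMPLE_INETD = """\
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
something stream tcp nowait root /bin/bash
"""

if __name__ == "__main__":
    for service, port, user, program in audit_inetd(SAMPLE_INETD, SAMPLE_SERVICES):
        print(f"SUSPICIOUS: {service} (port {port}) runs {program} as {user}")
```

On a real host, pass the contents of /etc/inetd.conf and /etc/services instead of the samples; a port of None means the service name has no matching entry in the services table.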

