[TriLUG] Back Orifice for Linux

Andrew Perrin andrew_perrin at unc.edu
Mon Mar 18 06:35:55 EST 2002


Er, not to be a stickler, but if someone knows your root password, aren't
you kind of sunk to begin with? It would be trivial enough, as root,
simply to edit Xaccess to give oneself access.

ap

----------------------------------------------------------------------
Andrew J Perrin - andrew_perrin at unc.edu - http://www.unc.edu/~aperrin
 Assistant Professor of Sociology, U of North Carolina, Chapel Hill
      269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA


On Mon, 18 Mar 2002, Sinner from the Prairy wrote:

> Hi,
> 
> It looks like Mandrake Linux, plus Solaris (and maybe others) are 
> affected by this vulnerability.
> 
> The vulnerability is one that:
> 
> If you use a graphical login + your firewall is set up wrong (i.e. lets 
> someone connect to you through XDMCP ports) + someone knows your root 
> password, this someone can make their way into your system, and then 
> install a "remote administration rootkit" (Back Orifice for Linux).
> 
> Just in case:
> 
> On Mandrake Linux, you can solve this by editing the file
> 
> /etc/X11/xdm/Xaccess
> 
> Just comment out those 2 lines, adding, in front of each line, a hash 
> symbol #:
> 
> 
> * #any host can get a login window
> 
> * CHOOSER BROADCAST #any indirect host can get a chooser
> 
> 
> 
> Then, re-start your graphical subsystem with
> 
> telinit 3 && telinit 5
> 
> 
> Of course, do all this as root.
> 
> 
> 
> 
> Salut,
> Sinner
> -- 
> http://www.ibiblio.org/sinner/     Linux User # 89976
> Running on Mandrake 8.1 - Kernel  2.4.8-34mdk     Linux Machine # 38068
> 
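An added example, not part of either message: a small POSIX shell check that reports whether the two wildcard Xaccess entries quoted above are still active. The function names and the sample files are constructed for illustration; on a real system, pass it /etc/X11/xdm/Xaccess.

```shell
#!/bin/sh
# Added example: audit an xdm Xaccess file for active "any host" entries.

# Print "<lineno>: <entry>" for each uncommented entry whose host pattern is "*".
xaccess_open_entries() {
    awk '
        { sub(/#.*/, "") }      # strip whole-line and trailing comments
        NF == 0 { next }        # nothing left: blank or commented out
        $1 == "*" { $1 = $1; printf "%d: %s\n", NR, $0 }
    ' "$1"
}

# Succeed (exit 0) only when no wildcard entry is active.
xaccess_is_closed() {
    [ -z "$(xaccess_open_entries "$1")" ]
}

# Constructed sample files: the stock entries from the post, then the fixed form.
write_samples() {
    cat > "$1/Xaccess.stock" <<'EOF'
# Access control file for XDMCP connections (constructed sample)
*                       #any host can get a login window
*   CHOOSER BROADCAST   #any indirect host can get a chooser
EOF
    cat > "$1/Xaccess.fixed" <<'EOF'
# Access control file for XDMCP connections (constructed sample)
#*                      #any host can get a login window
#*  CHOOSER BROADCAST   #any indirect host can get a chooser
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir/Xaccess.stock" "$demo_dir/Xaccess.fixed"; do
    if xaccess_is_closed "$f"; then
        echo "OK:   $f has no active wildcard entry"
    else
        echo "OPEN: $f"
        xaccess_open_entries "$f" | sed 's/^/      line /'
    fi
done
rm -rf "$demo_dir"
```

The check only flags entries whose host pattern is a bare `*`; narrower patterns in a site's Xaccess still need a manual read.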



