Rooted
Jason C. Wells
jcw at speakeasy.net
Tue Dec 10 06:19:50 UTC 2013
For the second time in my life I've been rooted. I found a
barbut.bsd.core file and a talkng file in my /root directory. Barbut is
some sort of binary that a webserver hack seems to download and run
after a broken module provides access. That's bothersome enough.

But the very bothersome part is that I do not run any services on this
box beyond what is needed to provide packet filtering and ftp-proxy. I
have all accounts disabled. I only log in after booting to single user
mode on the console. I'm looking at the security advisories and I don't
see one that seems to apply to my 8.2 system in my configuration.

So, short of an exploit in the network stack, pf, and ftp-proxy, what is
a possible attack vector?

Regarding the security advisory lingo, does "unprivileged user" mean a
remote attacker? Most (all?) of the advisories seem to involve local
exploits or exploitable services.

Regards,
Jason C. Wells