by A machine at our site was recently the target of a breakin. Someone
guessed a user's password and then used the expreserve bug to manipulate
/etc/passwd
I also noticed that our /etc/printcap file was modified. The characters
"+ +" were placed on a line by themselves, followed by a bunch of ascii
garbage.
Does this conform to any known method of compromising security?
Thanks,
Greg Sandell
p.s. email replies appreciated.
--
Parmly Hearing Institute, Loyola University Chicago
6525 N. Sheridan Chicago IL 60626 USA voice:773-508-3976 FAX:773-508-2719
WWW: http://www.parmly.luc.edu/sandell/