[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LYNX-DEV System Compromised via Lynx

From: Chuck Hamer
Subject: LYNX-DEV System Compromised via Lynx
Date: Thu, 17 Apr 1997 00:13:23 -0700

I administer a unix system (hp9000 D-Class; HPUX 10.01) that functions
both as a news server and as a system from which lynx can be run
by students in campus libraries.

I just discovered a ".crack" directory in the lynx client home
directory.  This directory contains the crack v4.1 package as well as
a password file on which cracking had been attempted.  Earlier this year
I was contacted by a sys admin at Princeton University who said that 
several machines at Princeton had been compromised by a user on this
same machine.

What I am trying to figure out is how the person who created the
.crack directory was able to do this.

The situation:

    ----------     ----------------           ------------------
   | Terminal |---| Telnet Gateway |---LAN---| Lynx client host |
    ----------     ----------------           ------------------

Students obtain access to lynx via a menu item on the telnet gateway.
When they select lynx, the telnet gateway telnets to the lynx client
host and logs in (login: l-client).  The telnet gateway does all
the telnet and login processing and the user receives a "homepage"
via lynx.

Note: The l-client account does not have a password.  The system is
      set up such that when a user logs in, lynx is run instead of
      a shell.  When the user quits lynx he is logged out of the
      system.  I thought that this type of approach would prevent
      excaping to a shell.

Another Note: There are NO user shell accounts on this system.  The 
              only non-system users are news (Usenet), l-client (lynx),
              g-client (gopher), and root.  I should be the only user
              able to log in (as root) and obtain a shell account.

What I'm trying to figure out is how a lynx user was able to escape
to a shell and install crack on this machine.  Since you are the
lynx experts, I was hoping you might be able to provide some pointers.

Thanks ver much,
Chuck Hamer
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]