LYNX-DEV System Compromised via Lynx
From: Chuck Hamer
Subject: LYNX-DEV System Compromised via Lynx
Date: Thu, 17 Apr 1997 00:13:23 -0700
I administer a unix system (hp9000 D-Class; HPUX 10.01) that functions
both as a news server and as a system from which lynx can be run
by students in campus libraries.
I just discovered a ".crack" directory in the lynx client home
directory. This directory contains the crack v4.1 package as well as
a password file on which cracking had been attempted. Earlier this year
I was contacted by a sys admin at Princeton University who said that
several machines at Princeton had been compromised by a user on this
same machine.
What I am trying to figure out is how the person who created the
.crack directory was able to do this.
The situation:
 ----------     ----------------           ------------------
| Terminal |---| Telnet Gateway |---LAN---| Lynx client host |
 ----------     ----------------           ------------------
Students obtain access to lynx via a menu item on the telnet gateway.
When they select lynx, the telnet gateway telnets to the lynx client
host and logs in (login: l-client). The telnet gateway does all
the telnet and login processing and the user receives a "homepage"
via lynx.
Note: The l-client account does not have a password. The system is
set up such that when a user logs in, lynx is run instead of
a shell. When the user quits lynx he is logged out of the
system. I thought that this type of approach would prevent
escaping to a shell.
Another Note: There are NO user shell accounts on this system. The
only non-system users are news (Usenet), l-client (lynx),
g-client (gopher), and root. I should be the only user
able to log in (as root) and obtain a shell account.
What I'm trying to figure out is how a lynx user was able to escape
to a shell and install crack on this machine. Since you are the
lynx experts, I was hoping you might be able to provide some pointers.
Thanks very much,
Chuck Hamer