The 'Security Digest' Archives (TM)

ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V3 #3 1990-12-16 (1 file, 1398 bytes)
SOURCE: http://securitydigest.org/exec/display?f=zardoz/archive/303.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT


Security Digest Volume 3 Issue 3

subject(s):

            an oddity with miners@ghost.unimi.it probes
            TIOCCONS Sunos bug fix available

The unix security mailing list is by invitation only and contains
sensitive material which SHOULD NOT BE REVEALED to non-members.
DO NOT PUT ANY LIST CONTENTS IN LOCATIONS ACCESSIBLE TO NON-MEMBERS.
If you must keep copies on-line, please encrypt them at the very least.

PLEASE POST TO:                              security@uninet.cpd.com
PLEASE SEND EMERGENCY ALERTS TO:   security-emergency@uninet.cpd.com
PLEASE SEND REQUESTS TO:             security-request@uninet.cpd.com

Postings that describe security holes/fixes have a * in their subject.


------------------------------------------------------------------------

Date: Sun, 16 Dec 90 03:32:47 -0500
From: der Mouse  <mouse@lightning.McRCIM.McGill.EDU>
Subject: an oddity with miners@ghost.unimi.it probes

I noticed a couple of odd things about the miners@ghost.unimi.it probes
and followup letter which I haven't seen mentioned so far, so it's
possible I'm the only person to have noticed it....

From our syslog,

Dec  4 06:06:00 127.0.0.1 ftpd[29870]: anon login from 131.175.10.1 (imiucca.unimi.it)
Dec  4 06:06:02 127.0.0.1 ftpd[29870]: anon cmd: CWD ~root
Dec  4 06:06:06 127.0.0.1 ftpd[29870]: anon cmd: pass guest
Dec  4 06:06:10 127.0.0.1 ftpd[29870]: anon cmd: PORT 131,175,10,1,188,179
Dec  4 06:06:12 127.0.0.1 ftpd[29870]: anon cmd: RETR /etc/motd

(The attempt failed.)

I noticed this when it happened (I was logged in at the time, and I get
sent such syslog messages).  I nearly sent out some sort of alert (like
a letter to CERT), but didn't get around to it (I wasn't thinking of it
as very high priority), until the letter from miners@ghost came in.

Note first that the host the FTP came from was not ghost.  Note second
that the letter from miners@ghost was dated December 9th - whoever it
was waited *five days* after failing to crack our ftp server before
sending mail!

Just in case either bit of information matters....
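
[ Added example, not part of the original digest or of the posting above:
  a small Python reviewer for the ftpd syslog lines quoted in it. It decodes
  the PORT argument into an address and TCP port and lists the points visible
  in this log. The line layout matched by LINE and the use of the "pass" line
  as the authentication point are assumptions drawn from these five lines. ]

```python
import re

# Log lines copied from the posting; LINE assumes this ftpd's syslog layout.
LOG = """\
Dec  4 06:06:00 127.0.0.1 ftpd[29870]: anon login from 131.175.10.1 (imiucca.unimi.it)
Dec  4 06:06:02 127.0.0.1 ftpd[29870]: anon cmd: CWD ~root
Dec  4 06:06:06 127.0.0.1 ftpd[29870]: anon cmd: pass guest
Dec  4 06:06:10 127.0.0.1 ftpd[29870]: anon cmd: PORT 131,175,10,1,188,179
Dec  4 06:06:12 127.0.0.1 ftpd[29870]: anon cmd: RETR /etc/motd
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ ftpd\[(\d+)\]: anon (login from|cmd:) (.*)$")

def decode_port(arg):  # "h1,h2,h3,h4,p1,p2" -> (dotted ip, tcp port)
    n = [int(x) for x in arg.split(",")]
    if len(n) != 6 or any(not 0 <= x <= 255 for x in n):
        raise ValueError("malformed PORT argument: " + arg)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def review(log_text):  # group lines by ftpd pid, collect findings per session
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, pid, kind, rest = m.groups()
        s = sessions.setdefault(pid, {"source": None, "authed": False, "findings": []})
        if kind == "login from":
            s["source"] = rest.split()[0]   # peer address as logged at login
            continue
        verb, _, arg = rest.partition(" ")
        verb = verb.upper()
        if verb == "PASS":
            s["authed"] = True
        elif not s["authed"]:
            s["findings"].append(f"{when}: {verb} {arg} logged before PASS")
        if verb == "CWD" and arg.startswith("~"):
            s["findings"].append(f"{when}: CWD into home directory {arg}")
        if verb == "PORT":
            s["data"] = ip, port = decode_port(arg)
            if ip != s["source"]:           # data connection aimed at a third host
                s["findings"].append(f"{when}: PORT names {ip}, login from {s['source']}")
        if verb == "RETR" and arg.startswith("/etc/"):
            s["findings"].append(f"{when}: RETR of {arg} by absolute path")
    return sessions

if __name__ == "__main__":
    for pid, s in review(LOG).items():
        print(pid, s["source"], s.get("data"), *s["findings"], sep="\n  ")
```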

------------------------------------------------------------------------

Date: Tue, 18 Dec 90 22:49:00 PST
From: neil (Neil Gorsuch)
Subject: TIOCCONS Sunos bug fix available

[ Sun distributed this on a Sunos security distribution list that can
  be contacted at security-features@sun.com - neil ]

} For those of you that have seen the recent exchange over the network
} about the "TIOCCONS Bug", Sun has just finished creating and testing the
} patch for it.
}
} It is available via your local Sun Answer Center.  Please reference the
} following when calling:
}   Sun Bug ID   : 1008324
}   Sun Patch ID : for SunOS 4.1, SunOS 4.1_PSR_A  - 100187-01
}                : for SunOS 4.1.1                 - 100188-01

------------------------------------------------------------------------

        End of Security Digest Volume 3 Issue 3
        **********************

END OF DOCUMENT