Sun Security Blog
Sun Microsystems is aware of an active worm which exploits the in.telnetd vulnerability described in Sun Alert 102802. Here are a few steps to help determine if a Solaris 10 or Nevada system may be infected:

    $ ls -la /var/adm/wtmpx

If the permissions are:

    -rw-r--rw- 1 adm adm 1116 Feb 28 12:03 wtmpx

the system may be infected. Next the following command can be run:

    $ ls -la /var/adm/sa

If there is a directory named .adm the system is probably infected. Other possible indications include the existence of the files:

    /var/adm/.profile
    /var/spool/lp/.profile

Additional possible indications include modified crontab entries for users adm and lp.

    # cd /var/spool/cron/crontabs
    # grep PATH=\. *
    adm:#10 1 * * * (cd /var/adm/sa/ && cd .adm && [ -x sysadm ] && PATH=. sysadm) >/dev/null 2>&1 &
    lp:#10 1 * * * (cd /var/spool/lp/admins/ && cd .lp && [ -x lpsystem ] && PATH=. lpsystem) >/dev/null 2>&1 &

The following Korn shell script, inoculate.local, can be run locally on an infected system to remove the worm and prevent further re-infection by disabling the telnet service. Copy the script into a file (for example, in /tmp or /var/tmp) and run the script as the root user.
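The manual checks listed in this post can be combined into one read-only pass. The script below is an added example, not Sun's inoculate.local and not code from the original post: it only reports indicators and changes nothing on the host. The function name, the optional ROOT argument and the sample tree at the end are assumptions of this example; run it with ksh or another POSIX shell.

```shell
# Added example, not Sun's inoculate.local: reports the indicators listed in the post.
# ROOT (optional, an assumption of this example) lets the check run against a
# mounted disk image or test tree. Returns 0 if no indicator is found, 1 otherwise.
check_telnetd_worm() {
    root=${1:-}; root=${root%/}
    hits=0

    # wtmpx writable by "other" (the post shows -rw-r--rw-)
    f="$root/var/adm/wtmpx"
    if [ -f "$f" ] && [ -n "$(find "$f" -perm -0002 -print 2>/dev/null)" ]; then
        echo "INDICATOR world-writable: $f"
        hits=$((hits + 1))
    fi

    # Hidden directories: .adm is named in the post, .lp appears in its lp crontab line
    for d in /var/adm/sa/.adm /var/spool/lp/admins/.lp; do
        if [ -d "$root$d" ]; then
            echo "INDICATOR hidden directory: $root$d"
            hits=$((hits + 1))
        fi
    done

    # .profile files the post lists as possible indications
    for p in /var/adm/.profile /var/spool/lp/.profile; do
        if [ -f "$root$p" ]; then
            echo "INDICATOR file listed in the post: $root$p"
            hits=$((hits + 1))
        fi
    done

    # adm and lp crontab entries that set PATH=. (same pattern as the post's grep)
    for u in adm lp; do
        c="$root/var/spool/cron/crontabs/$u"
        if [ -f "$c" ] && grep 'PATH=\.' "$c" >/dev/null 2>&1; then
            echo "INDICATOR crontab entry with PATH=.: $c"
            hits=$((hits + 1))
        fi
    done

    [ "$hits" -eq 0 ]
}

# Constructed sample tree (not from a real host) carrying two of the indicators
demo=$(mktemp -d)
mkdir -p "$demo/var/adm/sa/.adm" "$demo/var/spool/cron/crontabs"
echo '10 1 * * * (cd /var/adm/sa/ && cd .adm && PATH=. sysadm)' > "$demo/var/spool/cron/crontabs/adm"
check_telnetd_worm "$demo" || echo "indicators found, investigate this host"
rm -rf "$demo"
```

On a live system, call `check_telnetd_worm` with no argument as root so the crontab files are readable.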
Comments [10]
Posted by Arjunan on July 12, 2007 at 10:15 PM PDT #
Posted by Sumanth Naropanth on July 13, 2007 at 10:57 AM PDT #
hi,
this information is very useful for me. thanks a lot.
Posted by Mohan G on April 07, 2008 at 02:16 AM PDT #
What does the worm actually do? Does it just make copies of itself, and nothing more?
Posted by Joseph Spenner on May 21, 2008 at 10:38 AM PDT #
That is great and interesting, thanks for the post, it was really useful.
Posted by Sesli on May 28, 2008 at 12:10 AM PDT #
Thank you... I will keep looking for new updates here.
Posted by Sesli Chat on May 30, 2008 at 08:48 PM PDT #
thankssssss
Posted by irc on June 08, 2008 at 05:46 PM PDT #
thanks, I will take care
Posted by kral oyun on June 13, 2008 at 08:07 AM PDT #
thankssss
Posted by sesli chat on June 13, 2008 at 05:41 PM PDT #
thankss
Posted by sesli chat on June 14, 2008 at 05:51 AM PDT #