Just wanted to let the Bruker users community know that the O2's
and some Indy's that come as defaults on the newer Avance machines
have security holes in the password file which have allowed some
hacker to get into 3 of our Avance machines recently (two O2's on
DRX and one Indy on DMX) as the login
    lp
No damage seems to have been done, and we even have the IP address
of where the person came from (probably a temporary/anon account on the
uu.net ISP and not worth trying to pursue who exactly it was), but
the person had given the lp login passwords (i.e., created him/herself
a backdoor).
In case you're wondering how we know this, you can do
    cd /var/adm
    last
and look for login as username 'lp'
you can also do
    last -f OLDwtmp
    last -f OLDwtmpx
to look at older logins (see manpages on last)
I advise people with Bruker supplied SGI boxes to at least check
the /etc/passwd files (do a simple 'grep ::') to see if there are
any lines without passwords (nuucp is another that had no password).
Put in a simple * in the blank password fields.
Our system admin gurus installed a number of patches on all these
newer machines. In case you're interested, they're summarized below.
John Chung
The Scripps Research Institute
---------
The patches on O2 (IRIX 6.3) from the 'versions -b' command are:
I patchSG0001695 01/29/99 Patch SG0001695: Fix License Manager security hole by removing setuid program
I patchSG0002044 01/29/99 Patch SG0002044: rld rollup #7 for 6.2, 6.3, and 6.4: pthreads+security
I patchSG0002133 01/29/99 Patch SG0002133: talkd security
I patchSG0002168 01/29/99 Patch SG0002168: Fix for lpd lock file access for IRIX 6.3
I patchSG0002213 01/29/99 Patch SG0002213: IRIX 6.2/6.3/6.4 ordist Security
I patchSG0002792 01/29/99 Patch SG0002792 : pset security vulnerability
I patchSG0002869 01/29/99 Patch SG0002869: Netware Client fixes for IRIX 6.3
I patchSG0003068 01/29/99 Patch SG0003068: Cgi script security vulnerability
I patchSG0003144 01/29/99 Patch SG0003144: xterm security fix
I patchSG0003394 01/29/99 Patch SG0003394: mail security fix (for 6.3 and 6.4)
And for Indy (IRIX 5.3)
I patchSG0001685 01/29/99 Patch SG0001685 : netprint security patch for IRIX 5.3 and 6.1
I patchSG0002132 01/29/99 Patch SG0002132: talkd security
I patchSG0002176 01/29/99 Patch SG0002176: pset security vulnerabilty
I patchSG0002212 01/29/99 Patch SG0002212: IRIX 5.3 ordist security
I patchSG0002216 01/29/99 Patch SG0002216: login/scheme fix for buffer overrun security issue and LOCKOUT option
I patchSG0002228 01/29/99 Patch SG0002228: Security patch for eject
I patchSG0003142 01/29/99 Patch SG0003142: xterm wtmp and security fixes
I patchSG0003189 01/29/99 Patch SG0003189 ISO9660 reading and security fixes
---------------------------
chung@scripps.edu
---------------------------
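
The /etc/passwd check described in the message above, as an added example that is not part of the original post. It tests only the password field (field 2), whereas a plain 'grep ::' also matches entries where a later field such as the comment field is empty. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for blank password fields.
# Function names and sample data are hypothetical, not from the original post.

# Constructed sample in passwd format. 'guest' has an empty comment field,
# so 'grep ::' would match it even though its password field is locked.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/bin/csh
lp::9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
nuucp::10:10:Remote UUCP User:/var/spool/uucppublic:/usr/lib/uucp/uucico
guest:*:998:998::/usr/people/guest:/bin/csh
nobody:*:60001:60001:Nobody:/dev/null:/dev/null
EOF
}

# Print the login name of every entry whose password field is empty.
# Comment lines and NIS '+'/'-' entries are skipped; short lines are ignored.
blank_pw_accounts() {
    awk -F: 'NF >= 7 && $1 !~ /^[#+-]/ && $2 == "" { print $1 }' "$1"
}

# Write a copy of the file to stdout with '*' in each blank password field.
# The input file is not modified; review the output before installing it.
lock_blank_pw() {
    awk -F: 'BEGIN { OFS = ":" }
             NF >= 7 && $1 !~ /^[#+-]/ && $2 == "" { $2 = "*" }
             { print }' "$1"
}

# Demonstration on the constructed sample.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
echo "Accounts with a blank password field:"
blank_pw_accounts "$demo_file"
echo "Copy with blank fields locked:"
lock_blank_pw "$demo_file"
rm -f "$demo_file"
```

On a real system, pass /etc/passwd to blank_pw_accounts and compare the output of lock_blank_pw against the original before replacing anything.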