*BSD News Article 86628


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.netspace.net.au!news.mel.connect.com.au!news.syd.connect.com.au!phaedrus.kralizec.net.au!news.mel.aone.net.au!grumpy.fl.net.au!news.webspan.net!newsfeeds.sol.net!hunter.premier.net!news.lightlink.com!news2.interlog.com!news.interlog.com!news
From: Claude Pio <pio@interlog.com>
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Security hole
Date: Thu, 16 Jan 1997 22:24:24 -0500
Organization: InterLog Internet Services
Lines: 11
Message-ID: <32DEEC3F.E23@interlog.com>
Reply-To: pio@interlog.com
NNTP-Posting-Host: galaxy.interlog.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0 (Win95; I)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5569

Folks, I need help. I am running an ISP with a BSDI main server. Users
have access to shell accounts in this server. The problem is that one
user has been able to somehow gain enough authority to change passwords
and delete all kinds of files. Can someone tell me how any user can do
these things without being super user...

Any help would be greatly appreciated.....



Thanks in advance....