Linux Today: Linux News On Internet Time.

More on LinuxToday

util-linux-2.9g compromised

Jan 25, 1999, 00:08 (0 Talkback[s])

As posted by Andries Brouwer to C.O.L.A., January 24, 1999 and also on linux-kernel.

I just learned that
has been compromised

(so that 1. It gives anybody who logs in with name #!sh
a root shell, and 2. It mails usernames and passwords

Probably you do not want to use this enhanced version.
The original version has been put back.
It has md5sum
ab409a6ac5a775a4b04b8e27f6c86933  util-linux-2.9g.tar.gz

I am not aware of anything else that was changed, but
of course this means for the time being that anything
found on this machine must be regarded as suspect.

Andries -

[PS I would be interested in finding precisely when
this was done. If you got a non-corrupt version
recently, could you mail me date and time?]

An independent announcement by Andries Brouwer of the util-linux security breach was posted to the linux-kernel list and is published on LWN/daily.