[SunHELP] Solaris 8: Unable to login

Charu Kamath charu.bhargava at estelcom.com
Tue Aug 10 23:16:41 CDT 2004


Hey Saily,

Thanks a ton. I disabled SMC server.
By the way, could this be a problem for my sendmail service not being able to
start? I got the error -
#/usr/lib/sendmail -bd -q1m
sendmail:SYSERR(root): sasl_server_init failed! [generic failure]

And now it has started. Thanks to you.
Can I join any mailing list or site to get the info on latest
patches/vulnerabilities pertaining to Solaris 7 & 8?

- Charu


-----Original Message-----
From: Saily Cedre [mailto:saily at etecsa.net]
Sent: Tuesday, August 10, 2004 5:58 PM
To: The SunHELP List
Subject: Re: [SunHELP] Solaris 8: Unable to login


If you say that some user by the name Mox & Moxu is created with userid 0 &
1 respectively, it means it is a root account, because that account has the
same user id as root. So, it means that someone got into your server and
created an account with the same privileges as root.

If you look for smcboot in www.google.com you can find something like this:
The smcboot is a small proxy server used by the Sun Management Console
Server in order to receive management connections. The smcboot startup
procedure in certain hardware releases of Solaris 8 contains a security
"hole" that can lead to a local denial of service and can leave the target
system crippled.

You should visit this page to understand you have a big problem.
http://www.securiteam.com/unixfocus/6K00S203FC.html


Saily.



----- Original Message -----
From: Charu Kamath
To: SUNHelp
Sent: Tuesday, August 10, 2004 2:22 AM
Subject: [SunHELP] Solaris 8: Unable to login


Hi!

I am running Solaris 8 on Sun Ultra 5 SPARC.
There is something weird happening with the machine. Every day morning I try to
log on to the machine (using telnet) it doesn't happen. I have created only 1
user on this machine.
On console, I check the Admintool it doesn't show the user, also some user
by the name Mox & Moxu is created with userid 0 & 1 respectively.
Along with my user account the user acc for bin also gets deleted. I don't
know why is this happening. I do have tcp_wrappers-7.6 in place but am
unable to log anything at all.
Few lines from output for ps -ef showed something like this ---
root 168 1    1 Aug 06 ?  0:00 /usr/sbin/inetd -s
root 177 1    0 Aug 06 ?  20:30 /usr/local/sbin/named
root 249 1    0 Aug 06 ?  0:00 /usr/sadm/lib/smc/bin/smcboot
root 249 250 0 Aug 06 ?  0:00 /usr/sadm/lib/smc/bin/smcboot

Can anyone suggest what could be the problem and how can I resolve it?

Thanks in advance.

Charu Kamath
_______________________________________________
SunHELP maillist  -  SunHELP at sunhelp.org
http://www.sunhelp.org/mailman/listinfo/sunhelp
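
The check Saily describes (any account other than root holding UID 0), extended to also report accounts added to or removed from the passwd file, as an added example that is not part of the original thread. The known-good baseline copy, the file names and every sample entry are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a passwd file against a known-good baseline copy.
# Assumes a POSIX awk (on Solaris, nawk or /usr/xpg4/bin/awk).

# audit_passwd BASELINE CURRENT -> one finding per line, sorted
audit_passwd() {
    awk -F: '
        /^#/ || NF < 3 { next }               # skip comments and malformed lines
        !cur { base[$1] = $3; next }          # baseline file: name -> uid
        {
            seen[$1] = 1
            if ($3 == 0 && $1 != "root") print "UID0_NONROOT " $1
            if (!($1 in base))           print "ADDED " $1 " uid=" $3
            else if (base[$1] != $3)     print "UID_CHANGED " $1 " " base[$1] "->" $3
        }
        END { for (n in base) if (!(n in seen)) print "REMOVED " n }
    ' "$1" cur=1 "$2" | LC_ALL=C sort
}

# Constructed sample data modelled on the symptoms in the thread:
# two new accounts with UID 0 and 1, the admin's user and bin missing.
make_samples() {
    cat > "$1/passwd.baseline" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
charu:x:1001:10::/export/home/charu:/bin/sh
EOF
    cat > "$1/passwd.current" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
Mox:x:0:1::/:/bin/sh
Moxu:x:1:1::/:/bin/sh
EOF
}

tmp=${TMPDIR:-/tmp}/passwd-audit.$$
mkdir "$tmp" && make_samples "$tmp"
audit_passwd "$tmp/passwd.baseline" "$tmp/passwd.current"
rm -rf "$tmp"
```

The baseline is only useful if it is kept somewhere the audited host cannot modify, since anyone with UID 0 can rewrite a local copy.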