openssh vulnerability WITH TCP DUMP!
Damien Miller
djm at mindrot.org
Fri Nov 4 23:22:54 EST 2005
On Fri, 4 Nov 2005 23:17:25 +1100
Damien Miller <djm at mindrot.org> wrote:
> On Fri, 04 Nov 2005 11:54:14 +0100
> Evert van de Waal <evert.vandewaal at imtech.nl> wrote:
> > The aut.log file shows the following:
> > Nov 4 06:25:01 localhost su[5715]: + ??? root:nobody
> > Nov 4 06:25:01 localhost su[5715]: (pam_unix) session opened for user
> > nobody by
> > (uid=0)
oh, I misread. This is root su'ing to nobody and not the other way
round. It is probably not related to malicious activity at all.
-d
More information about the openssh-unix-dev
mailing list