On Mon, 2002-10-07 at 16:35, Andy Brown wrote: > > <snip> > Checking `passwd'... INFECTED > </snip> > > Not sure if anybody else noticed this, so thought i'd highlight it. > > This is slightly unusual, the chkroot details say anything showing as INFECTED >generally means the binary has been modified, probably by a trojan.
The check matches "security" in the output of "strings /usr/bin/passwd" which contains something like "/etc/security/passwd.conf". I cannot tell with 100% certainty but it does look like a false positive. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
