[SunHELP] Solaris 8: Unable to login

Saily Cedre saily at etecsa.net
Tue Aug 10 07:28:00 CDT 2004

If you say that some user by the name Mox & Moxu is created with userid 0 &
1 respectively, it means it is a root account, because that account has the
same user id as root. So, it means that someone got into your server and
created an account with the same privileges as root.

If you look for smcboot in www.google.com you can find something like this:
The smcboot is a small proxy server used by the Sun Management Console
Server in order to receive management connections. The smcboot startup
procedure in certain hardware releases of Solaris 8 contains a security
"hole" that can lead to a local denial of service and can leave the target
system crippled.

You should visit this page to understand that you have a big problem.


----- Original Message -----
From: Charu Kamath
To: SUNHelp
Sent: Tuesday, August 10, 2004 2:22 AM
Subject: [SunHELP] Solaris 8: Unable to login


I am running Solaris 8 on a Sun Ultra 5 SPARC.
There is something weird happening with the machine. Every morning when I try
to log on to the machine (using telnet) it doesn't happen. I have created only
1 user on this machine.
On the console, when I check Admintool it doesn't show the user; also some user
by the name Mox & Moxu is created with userid 0 & 1 respectively.
Along with my user account, the user account for bin also gets deleted. I don't
know why this is happening. I do have tcp_wrappers-7.6 in place but am
unable to log anything at all.
A few lines from the output of ps -ef showed something like this ---
root 168 1    1 Aug 06 ?  0:00 /usr/sbin/inetd -s
root 177 1    0 Aug 06 ?  20:30 /usr/local/sbin/named
root 249 1    0 Aug 06 ?  0:00 /usr/sadm/lib/smc/bin/smcboot
root 249 250 0 Aug 06 ?  0:00 /usr/sadm/lib/smc/bin/smcboot

Can anyone suggest what could be the problem and how can I resolve it?

Thanks in advance.

Charu Kamath