False Positive: IRCDs running on port 6667
Bug #629723 reported by
Thomas Ward
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| chkrootkit (Ubuntu) |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: chkrootkit
This program detects falsely an infection on port 6667. This is the case with an IRCD running on port 6667 being detected as bindshell.
This is a bug, but also could the documentation on false positives be amended to include the info about ircds also triggering false positives?
System Info: Ubuntu 10.04 Lucid Lynx, both 32-bit and 64-bit server editions (multiple servers)
| description: | updated |
Revision history for this message
| Clint Byrum (clint-fewbar) wrote | #1 |
| Changed in chkrootkit (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
Revision history for this message
| Thomas Ward (teward) wrote | #2 |
To post a comment you must log in.
Hi TrekCaptainUSA, thanks so much for taking the time to report this bug and help us make Ubuntu better!
I tried this on a fresh install of lucid, indeed if you just do 'apt-get install ircd-hbrid chkrootkit' and run chkrootkit, bindshell is falsely detected. Marking Confirmed.
Setting Importance to Medium. While this is a bug, its only a problem for users who have installed an irc daemon, which is not a common use case.