Comment 4 for bug 676376
Revision history for this message
| U.Betcha (mwm-generalmail) wrote Re: [Bug 676376] Re: ubuntu 10.04 /sbin/init infected by update (suckit) | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
I just did a re-install of "upstart", then ran chkrootkit and bingo, it
flags sbin/init as infected with the suckit rootkit. Is it really
infected? A false positive. Or is the newly installed 'upstart" package
installing a new infected init file, or infecting the existing init file?
The md5 of the newly infected file is:
9fc881364679290
I would appear that by updating the Ubuntu package "*upstart*", the file
/sbin/init becomes infected or is replaced with an infected version.
Hope this helps.
U.Betcha
On 11/18/2010 09:57 AM, U.Betcha wrote:
> UPSTART: event-based init daemon
>
> *upstart *is a replacement for the /sbin/init daemon which handles
> starting of tasks and services during boot, stopping them during
> shutdown and supervising them while the system is running.
>
> My machine has Ubuntu _upstart_ version 0.6.5-7, installed. My updates
> are served from the Ubuntu Main server.
>
>
> On 11/18/2010 04:10 AM, Kees Cook wrote:
>
>> MintUpdate is not part of the Ubuntu archives. Can you isolate the
>> specific package URL that you downloaded that chkrootkit is flagging?
>>
>> ** Visibility changed to: Public
>>
>> ** Changed in: upstart (Ubuntu)
>> Status: New => Incomplete
>>
>>
>>
>