Information about the bashdoor backdoor

This is a very effective and difficult backdoor to discover.
It uses a trojaned version of bash to give root access to a
user. The bashdoor use this two files /tmp/mcliZokhb and /tmp/mclzaKmfa
as "password".

Download: bashdoor.tar.gz c6edcabbcd0ade055d43a041c42f2c50

Files to search:

• /tmp/mcliZokhb
• /tmp/mclzaKmfa
• *any SUID file on /tmp/

*All files with an "*" need to be search in all system
**If you have any more information, send to: mail1, or to mail2.




$RootCheck: bashdoor.php ,v 1.0 2003/10/17, Daniel B. Cid$