From owner-freebsd-security  Sun Mar 21  0: 1: 2 1999
Delivered-To: freebsd-security@freebsd.org
Received: from scam.xcf.berkeley.edu (scam.XCF.Berkeley.EDU [128.32.43.201])
	by hub.freebsd.org (Postfix) with SMTP id D4ADF15377
	for <freebsd-security@freebsd.org>; Sun, 21 Mar 1999 00:01:01 -0800 (PST)
	(envelope-from grady@scam.XCF.Berkeley.EDU)
Received: (qmail 4720 invoked by uid 348); 21 Mar 1999 08:01:00 -0000
Received: from localhost (HELO scam.XCF.Berkeley.EDU) (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 21 Mar 1999 08:01:00 -0000
To: freebsd-security@freebsd.org
Subject: question about e-bay breakin last week
From: grady@xcf.berkeley.edu (Steven Grady)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <4715.922003259.1@scam.XCF.Berkeley.EDU>
Date: Sun, 21 Mar 1999 00:01:00 -0800
Message-Id: <19990321080101.D4ADF15377@hub.freebsd.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to the story, the cracker who got into e-Bay last week got
in via FreeBSD.  Does anyone know anything more about this?

    "I exploited a buffer overflow condition, which existed in an SUID
    root program," says the hacker, who is finishing up a B.S. in
    computer science. "Then I used software which I had written
    myself to get to the rest of the network. FreeBSD was the first
    machine I accessed, the rest were Solaris." 

Full URL: http://www.forbes.com/tool/html/99/mar/0319/side1.htm

	Steven
	grady@xcf.berkeley.edu

"Where do we keep all our chainsaws, mom?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message