Date: Sat, 22 Mar 2008 19:12:09 +0100
From: Jeremie Le Hen
To: freebsd-security@FreeBSD.org
Subject: Firewire vulnerability applicable on FreeBSD?
Message-ID: <20080322181209.GJ66530@obiwan.tataz.chchile.org>

Hi there,

I've stumbled on this article. I wonder if this is applicable to FreeBSD. Would it still be possible to exploit it without a firewire driver?

http://www.dailytech.com/Lock+Your+Workstations+Or+Not+New+Tool+Bypasses+Windows+Logon/article10972.htm

« The tool is a simple, 200-line script written in the Python programming language exploits features built into Firewire that allow direct access to a computer's memory. By targeting specific places that Windows consistently stores its vital authentication functions, Boileau's tool is able to overwrite Windows' secured code with patches that skip Windows' password check entirely. »

Regards,
-- 
Jeremie Le Hen
< jlehen at clesys dot fr >