From owner-freebsd-security  Tue May  4 14:12: 1 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fed-ef1.frb.gov (fed.frb.gov [132.200.32.32])
	by hub.freebsd.org (Postfix) with ESMTP id 545BB14F9C
	for <security@FreeBSD.ORG>; Tue,  4 May 1999 14:11:56 -0700 (PDT)
	(envelope-from seth@freebie.dp.ny.frb.org)
Received: by fed-ef1.frb.gov; id RAA23519; Tue, 4 May 1999 17:11:39 -0400 (EDT)
Received: from m1pmdf.frb.gov(192.168.3.38) by fed.frb.gov via smap (V4.2)
	id xma023290; Tue, 4 May 99 17:11:04 -0400
Date: Tue, 04 May 1999 17:10:55 -0400 (EDT)
From: Seth <seth@freebie.dp.ny.frb.org>
Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd)
In-reply-to: <199905042053.OAA04656@harmony.village.org>
To: Warner Losh <imp@harmony.village.org>
Cc: Vince Vielhaber <vev@michvhf.com>, security@FreeBSD.ORG
Message-id: <Pine.BSF.4.10.9905041703490.57111-100000@freebie.dp.ny.frb.org>
MIME-version: 1.0
Content-type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In my defense (and to reiterate):

1)  I saw this hit bugtraq and, having seen nothing on any lists about
it, assumed (correctly, as it turns out) that the customary "vendor"
notifications had not been sent.  I therefore sent it to -stable and to
security@freebsd.org.

2)  I am not the one claiming the alleged vulnerability.  I'm the one
reporting that it was claimed.  (It seems I need to make this clear due
to the numerous emails from cranky BSD citizens criticizing me for posting
to bugtraq before notifying security@.  Once again: **I didn't post this
to bugtraq!**  I merely saw it there and passed it along.  I have NO IDEA
whether this is a real vulnerability, but I thought it was something the
security folks should know about as soon as possible, either to try to
reproduce [unlikely given the lack of details] or to prepare a response.)

Sorry if it seems like I'm doing damage control.  I am, in a way.  I'm
just tired of the senseless flames I'm getting accusing me of heinous
crimes against the freebsd community -- crimes for which I have, and will
accept, no responsibility.

SB


On Tue, 4 May 1999, Warner Losh wrote:

> In message <XFMail.990503194059.vev@michvhf.com> Vince Vielhaber writes:
> : It's typically in bad taste to post it to BugTraq before contacting the
> : vendor.
> 
> I can say that no one appears to have contacted security-officer about
> this.  People have contacted us in the past saying that their machine
> randomly reboots.  When pressed for details, or to enable ddb or crash
> dumps to see why the machine is rebooting, they disappear and nothing
> further is heard from them.
> 
> Warner
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message