Date: Wed, 26 Jun 2002 15:19:07 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: security@freebsd.org Subject: FreeBSD vuln... Message-ID: <Pine.BSF.4.21.0206261516150.64758-100000@InterJet.elischer.org>
next in thread | raw e-mail | index | archive | help
The security officers of one of our clients (a large bank) tells us: ----begin quote--- The Apache hole itself only allows you to execute code as Nobody, but there is a working exploit in the wild now that first exploits Apache and then a bug in memcpy on FreeBSD to gain a root shell. So at this time we are vulnerable to a remote root exploit. ------- end quote now we are replacing apace on their systems but does anyone know what the memcpy bug is? I know that the OpenBSD exploit aparently uses memcpy but does anyone have details on the FreeBSD exploit? (private mails encouraged) Julian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0206261516150.64758-100000>