From owner-freebsd-security Wed Jun 26 17:53:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from sccrmhc03.attbi.com (sccrmhc03.attbi.com [204.127.202.63]) by hub.freebsd.org (Postfix) with ESMTP id 066B437D574 for ; Wed, 26 Jun 2002 17:50:23 -0700 (PDT) Received: from InterJet.elischer.org ([12.232.206.8]) by sccrmhc03.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020626222013.LQVP903.sccrmhc03.attbi.com@InterJet.elischer.org> for ; Wed, 26 Jun 2002 22:20:13 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id PAA65371 for ; Wed, 26 Jun 2002 15:19:08 -0700 (PDT) Date: Wed, 26 Jun 2002 15:19:07 -0700 (PDT) From: Julian Elischer To: security@freebsd.org Subject: FreeBSD vuln... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The security officers of one of our clients (a large bank) tells us: ----begin quote--- The Apache hole itself only allows you to execute code as Nobody, but there is a working exploit in the wild now that first exploits Apache and then a bug in memcpy on FreeBSD to gain a root shell. So at this time we are vulnerable to a remote root exploit. ------- end quote now we are replacing apace on their systems but does anyone know what the memcpy bug is? I know that the OpenBSD exploit aparently uses memcpy but does anyone have details on the FreeBSD exploit? (private mails encouraged) Julian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message