From owner-freebsd-security Wed May 5 4: 1:33 1999 Delivered-To: freebsd-security@freebsd.org Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10]) by hub.freebsd.org (Postfix) with ESMTP id E85601559E for ; Wed, 5 May 1999 04:01:06 -0700 (PDT) (envelope-from fygrave@tigerteam.net) Received: from gizmo.kyrnet.kg (gizmo.kyrnet.kg [195.254.160.13]) by ol.kyrnet.kg (8.9.3/8.9.3) with ESMTP id VAA19267; Wed, 5 May 1999 21:23:30 +0600 Received: from localhost (fygrave@localhost) by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id QAA13762; Wed, 5 May 1999 16:59:39 +0600 X-Authentication-Warning: gizmo.kyrnet.kg: fygrave owned process doing -bs Date: Wed, 5 May 1999 16:59:39 +0600 (KGST) From: CyberPsychotic X-Sender: fygrave@gizmo.kyrnet.kg To: freebsd-security@freebsd.org Cc: "Michael C. Vergallen" Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd) Message-ID: Confirm-receipt-to: fygrave@usa.net MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ~ I don't see how this can be a exploit if you have /etc/hosts.deny and ~ /etc/hosts.allow set up correctly and dont allow rcmd commands on your ~ system.. This is not the case here I believe. if this bug really takes place, I would think that it's on tcp or ip level, so the most you need here, is some port being listened to. ~ I tried to remotely reboot my ftp server here and no it does not ~ work hmm.. depends on how you did that. Assuming from the other reports people send to the list, I believe the problem appears on tcp/ip level _maybe_ with some specific kernel options turned on. I've played with a friend's of mine machine bombing it with various sorts of maliformed tcp/udp and just sick ip datagrams but wasn't able to reproduce this. If anyone expirienced the problem wouldn't mind to share their log files/network traffic dump, I would appreciate that. -- fygrave@tigerteam.net http://www.kalug.lug.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message