From owner-freebsd-security  Wed Oct  9  9:59:49 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A77BE37B401
	for <freebsd-security@FreeBSD.ORG>; Wed,  9 Oct 2002 09:59:46 -0700 (PDT)
Received: from obsidian.sentex.ca (obsidian.sentex.ca [64.7.128.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BE05143E88
	for <freebsd-security@FreeBSD.ORG>; Wed,  9 Oct 2002 09:59:42 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from simian.sentex.net (pyroxene.sentex.ca [199.212.134.18])
	by obsidian.sentex.ca (8.12.6/8.12.6) with ESMTP id g99Gxd8g036382
	for <freebsd-security@FreeBSD.ORG>; Wed, 9 Oct 2002 12:59:39 -0400 (EDT)
	(envelope-from mike@sentex.net)
Message-Id: <5.1.1.6.0.20021009125538.04748c18@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Wed, 09 Oct 2002 13:00:49 -0400
To: freebsd-security@FreeBSD.ORG
From: Mike Tancsa <mike@sentex.net>
Subject: Re: Sendmail trojan...?
In-Reply-To: <20021009080341.A26616@zardoc.esmtp.org>
References: <20021009142546.GA27227@darkstar.doublethink.cx>
 <3DA3AE76.1070006@deevil.homeunix.org>
 <20021009142546.GA27227@darkstar.doublethink.cx>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: By Sentex Communications (obsidian/20020517)
X-Spam-Status: No, hits=-8.2 required=5.0
	tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_00_01
	version=2.41
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hi,
         Do you know the method they used to get in ? OpenSSL/https then 
local root exploit ?  Although netcraft says
Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6e on FreeBSD



         ---Mike

At 08:03 AM 09/10/2002 -0700, Claus Assmann wrote:
>On Wed, Oct 09, 2002, Chris Faulhaber wrote:
>
> > Yes, the source in the tree has been verified against the
> > signed tarball; plus, it was the configure script that was
> > backdoored which buildworld does not use.
>
>It was not the configure script. I'm wondering who came up with
>this rumor; please stop spreading it.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message