From owner-freebsd-security  Wed Oct  9 10:13: 6 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4257D37B406
	for <freebsd-security@FreeBSD.ORG>; Wed,  9 Oct 2002 10:13:04 -0700 (PDT)
Received: from zardoc.esmtp.org (adsl-63-195-85-27.dsl.snfc21.pacbell.net [63.195.85.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3DDEB43E75
	for <freebsd-security@FreeBSD.ORG>; Wed,  9 Oct 2002 10:13:02 -0700 (PDT)
	(envelope-from ca@zardoc.esmtp.org)
Received: from zardoc.esmtp.org (localhost [127.0.0.1])
	by zardoc.esmtp.org (8.12.7.Beta1/8.12.4) with ESMTP id g99HCbMN018629
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for <freebsd-security@FreeBSD.ORG>; Wed, 9 Oct 2002 10:12:37 -0700 (PDT)
Received: (from ca@localhost)
	by zardoc.esmtp.org (8.12.7.Beta1/8.12.3/Submit) id g99HCb1G022780
	for freebsd-security@FreeBSD.ORG; Wed, 9 Oct 2002 10:12:37 -0700 (PDT)
Date: Wed, 9 Oct 2002 10:12:37 -0700
From: Claus Assmann <freebsd+security@esmtp.org>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Sendmail trojan...?
Message-ID: <20021009101237.A11608@zardoc.esmtp.org>
Reply-To: freebsd-security@FreeBSD.ORG
References: <20021009142546.GA27227@darkstar.doublethink.cx> <3DA3AE76.1070006@deevil.homeunix.org> <20021009142546.GA27227@darkstar.doublethink.cx> <20021009080341.A26616@zardoc.esmtp.org> <5.1.1.6.0.20021009125538.04748c18@marble.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <5.1.1.6.0.20021009125538.04748c18@marble.sentex.ca>; from mike@sentex.net on Wed, Oct 09, 2002 at 01:00:49PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Oct 09, 2002, Mike Tancsa wrote:
> 
> Hi,
>          Do you know the method they used to get in ? OpenSSL/https then 
> local root exploit ?  Although netcraft says
> Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6e on FreeBSD

We don't know (yet).

If you can help us trying to figure this out, please contact
sendmail-security at sendmail.org 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message