From owner-freebsd-security Wed Oct 9 10:13:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B7AB37B404 for ; Wed, 9 Oct 2002 10:13:35 -0700 (PDT) Received: from mx01.nfr.com (mx01.nfr.com [63.91.45.135]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BFA143E75 for ; Wed, 9 Oct 2002 10:13:33 -0700 (PDT) (envelope-from nigel@nfr.com) Received: from localhost (localhost.nfr.com [127.0.0.1]) by mx01.nfr.com (Postfix) with ESMTP id 392D6222670; Wed, 9 Oct 2002 13:13:32 -0400 (EDT) Received: from l10n.hq.nfr.net (l10n.hq.nfr.net [65.202.219.68]) by mx01.nfr.com (Postfix) with ESMTP id 5D7F222262D; Wed, 9 Oct 2002 13:13:31 -0400 (EDT) Received: from dawgbsd.hq.nfr.net (localhost.nfr.com [127.0.0.1]) by l10n.hq.nfr.net (Postfix) with ESMTP id 1521B66B66; Wed, 9 Oct 2002 13:13:58 -0400 (EDT) Subject: Re: Sendmail trojan...? From: Nigel Houghton To: Mike Tancsa Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <5.1.1.6.0.20021009125538.04748c18@marble.sentex.ca> References: <20021009142546.GA27227@darkstar.doublethink.cx> <3DA3AE76.1070006@deevil.homeunix.org> <20021009142546.GA27227@darkstar.doublethink.cx> <5.1.1.6.0.20021009125538.04748c18@marble.sentex.ca> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-/WYWXRNbIJV4Q/G+ldSK" X-Mailer: Ximian Evolution 1.0.5 Date: 09 Oct 2002 13:16:30 -0400 Message-Id: <1034183794.249.54.camel@dawgbsd> Mime-Version: 1.0 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=-/WYWXRNbIJV4Q/G+ldSK Content-Type: text/plain Content-Transfer-Encoding: quoted-printable There are a myriad of possibilities, the only folks who can tell you are those who are responsible for the box in question. On Wed, 2002-10-09 at 13:00, Mike Tancsa wrote: >=20 > Hi, > Do you know the method they used to get in ? OpenSSL/https then=20 > local root exploit ? Although netcraft says > Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6e on FreeBSD >=20 >=20 >=20 > ---Mike >=20 > At 08:03 AM 09/10/2002 -0700, Claus Assmann wrote: > >On Wed, Oct 09, 2002, Chris Faulhaber wrote: > > > > > Yes, the source in the tree has been verified against the > > > signed tarball; plus, it was the configure script that was > > > backdoored which buildworld does not use. > > > >It was not the configure script. I'm wondering who came up with > >this rumor; please stop spreading it. >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --=20 --------------------------------------- Nigel Houghton NFR Security Inc. Webmaster http://www.nfr.com/ There cannot be a crisis next week. My schedule is already full. --Henry Kissinger=20 --=-/WYWXRNbIJV4Q/G+ldSK Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQA9pGRts9X0TSPbQvERAszXAJwK7pR/kkuYuhndCVHgtf9OYxfO3ACgrKYu mXvzBgs58VH7O6lwOoTNz58= =abqo -----END PGP SIGNATURE----- --=-/WYWXRNbIJV4Q/G+ldSK-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message