Date:      Wed, 3 Jul 1996 10:51:25 -0400 (EDT)
From:      "Pedro F. Giffuni S." <pgiffuni@biblioteca.campus.unal.edu.co>
To:        Matt Bartley <mbartley@lear35.cytex.com>
Cc:        security@freebsd.org, stable@freebsd.org
Subject:   What is known about The security hole
Message-ID:  <Pine.A32.3.91.960703102610.30718B-100000@biblioteca.campus.unal.edu.co>
In-Reply-To: <199607030559.WAA18214@lear35.cytex.com>



On Tue, 2 Jul 1996, Matt Bartley wrote:

> 
> With all due discretion, what happened to you with the 8.6.13 that's
> in 2.1.0?
> 
Since everyone wants to know the details, here they are:
I manage 3 machines: 2 FreeBSD's and an AIX 3.2.5. I have always kept 
tcpd running, and all the r* services closed. I considered my machines 
had an acceptable security, until I started noting:
1) delayed or bouncing mail
2) a fbsd message "removed from mail queue" on console
3) a mail reply, that I didn't send, saying the mailer could not execute 
the requested command 
4) The fbsd that I installed first was specially damaged: permissions 
were changed and it has problems resolving names
5) /etc/motd was modified, the sarcastic message included excerpts from a 
mail message I had sent weeks ago to the netadmin.
6) The cracker even sent me mail from root's account, and on that date no 
one logged in!

Most of our machines are cracked, but one of the things that surprised me 
was that a private fbsd, installed a week ago, also fell.

I would suggest having smrsh included by default in sendmail's configuration 
in new releases, and immediate upgrades in sendmail and BIND.
On a non-release level, excellent proposals have been replacing sendmail 
by ZMail, or qMail, or shut down sendmail and run it with crontab.

Pedro.


