From owner-freebsd-security  Tue Mar 13 13:52:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-59.dsl.lsan03.pacbell.net [63.207.60.59])
	by hub.freebsd.org (Postfix) with ESMTP id 623DC37B718
	for <security@FreeBSD.ORG>; Tue, 13 Mar 2001 13:52:06 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 185BA66B6C; Tue, 13 Mar 2001 13:52:06 -0800 (PST)
Date: Tue, 13 Mar 2001 13:52:06 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: security@FreeBSD.ORG
Subject: Re: rwhod
Message-ID: <20010313135205.A17955@mollari.cthul.hu>
References: <200103122347.f2CNlxT28110@freefall.freebsd.org> <200103131644.LAA73764@khavrinen.lcs.mit.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200103131644.LAA73764@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Tue, Mar 13, 2001 at 11:44:24AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--3MwIy2ne0vdjdPXF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 13, 2001 at 11:44:24AM -0500, Garrett Wollman wrote:
> <<On Mon, 12 Mar 2001 15:47:59 -0800 (PST), FreeBSD Security Advisories <=
security-advisories@FreeBSD.ORG> said:
>=20
> > Remote users can cause the rwhod daemon to crash, denying service to
> > clients.
>=20
> It's worth noting that most people who run `rwhod' use it only for
> ``tourist information'' anyway and do not actually depend on the
> information it provides.  I run it on my servers so that the nightly
> reports will include the summary of uptimes and load averages, but if
> one daemon goes AWOL I'll not be particularly concerned.
>=20
> If, on the other hand, this bug is actually exploitable, that would be
> much more serious (and would warrant a reissue of the advisory).

Yeah, it's pretty tame..but still worth reporting (instances where
daemons can be remotely induced to crash are a class of bug we report
in advisories, reliability is a component of security, etc :-)

Kris

--3MwIy2ne0vdjdPXF
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6rpaFWry0BWjoQKURAhHYAKDNT5fwy+mGZASyFWcg6bRpppOYCQCbBpzj
oc4Yoanmtbf2MU7x9WFVbso=
=hrQ5
-----END PGP SIGNATURE-----

--3MwIy2ne0vdjdPXF--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message