From owner-freebsd-stable Mon May 3 16:32:22 1999 Delivered-To: freebsd-stable@freebsd.org Received: from fed-ef1.frb.gov (fed.frb.gov [132.200.32.32]) by hub.freebsd.org (Postfix) with ESMTP id 5C81B14BC9; Mon, 3 May 1999 16:32:18 -0700 (PDT) (envelope-from seth@freebie.dp.ny.frb.org) Received: by fed-ef1.frb.gov; id TAA18455; Mon, 3 May 1999 19:32:18 -0400 (EDT) Received: from m1pmdf.frb.gov(192.168.3.38) by fed.frb.gov via smap (V4.2) id xma018420; Mon, 3 May 99 19:32:15 -0400 Date: Mon, 03 May 1999 19:32:11 -0400 (EDT) From: Seth Subject: FreeBSD 3.1 remote reboot exploit (fwd) To: freebsd-stable@freebsd.org, security@freebsd.org Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Just hit bugtraq, figured people might want to get in touch or start digging. SB ---------- Forwarded message ---------- Date: Sat, 01 May 1999 03:18:40 -0500 From: Jamie Rishaw To: BUGTRAQ@netspace.org Subject: FreeBSD 3.1 remote reboot exploit Hi, Sorry to be so vague, but I wanted to let everyone know, It's been demonstrated to me by two people who will not reveal "how" that there is a remote bug exploit, almost certainly over IP, that will cause FreeBSD-3.1 systems to reboot with no warnings. The second box this was demonstrated on today had no open services besides ircd, and was remote rebooted. (The first box had open services such as smtp, ssh, pop, http, but did /not/ run ircd, eliminating ircd as the culprit). If anyone can shed some light on this (really bad) issue, it'd be greatly appreciated, especially since I am(was) in the process of upgrading all of my boxes to 3.1. (3.1-REL). Regards, -jamie -- jamie rishaw (efnet:gavroche) -- Exodus Communications, Inc. >Sr. Network Engr, Chicago, SoCal Data Centers In an interesting move Exodus Communications annouced today that they have replaced all of their backbone engineers with furby's To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message