From owner-freebsd-stable Mon May 3 18:41:39 1999 Delivered-To: freebsd-stable@freebsd.org Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145]) by hub.freebsd.org (Postfix) with ESMTP id 3AB4E14E7B; Mon, 3 May 1999 18:41:35 -0700 (PDT) (envelope-from mike@dingo.cdrom.com) Received: from dingo.cdrom.com (localhost.cdrom.com [127.0.0.1]) by dingo.cdrom.com (8.9.3/8.8.8) with ESMTP id SAA01305; Mon, 3 May 1999 18:40:30 -0700 (PDT) (envelope-from mike@dingo.cdrom.com) Message-Id: <199905040140.SAA01305@dingo.cdrom.com> X-Mailer: exmh version 2.0.2 2/24/98 To: Seth Cc: freebsd-stable@freebsd.org, security@freebsd.org, jamie@exodus.net Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd) In-reply-to: Your message of "Mon, 03 May 1999 19:32:11 EDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 03 May 1999 18:40:30 -0700 From: Mike Smith Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have to say that Jamie really let us down by not running a raw tcpdump alongside the second targetted machine here. Any chance of provoking these people into "demonstrating" the exploit on a machine, while another connected to the same wire is running tcpdump -s 2000 -w splot.raw and then sending us the 'splot.raw' file? > Just hit bugtraq, figured people might want to get in touch or start > digging. > > SB > > ---------- Forwarded message ---------- > Date: Sat, 01 May 1999 03:18:40 -0500 > From: Jamie Rishaw > To: BUGTRAQ@netspace.org > Subject: FreeBSD 3.1 remote reboot exploit > > Hi, > > Sorry to be so vague, but I wanted to let everyone know, > > It's been demonstrated to me by two people who will not reveal "how" > that there is a remote bug exploit, almost certainly over IP, that will > cause FreeBSD-3.1 systems to reboot with no warnings. > > The second box this was demonstrated on today had no open services > besides ircd, and was remote rebooted. (The first box had open services > such as smtp, ssh, pop, http, but did /not/ run ircd, eliminating ircd > as the culprit). > > If anyone can shed some light on this (really bad) issue, it'd be > greatly appreciated, especially since I am(was) in the process of > upgrading all of my boxes to 3.1. (3.1-REL). > > Regards, > > -jamie > -- > jamie rishaw (efnet:gavroche) -- Exodus Communications, Inc. > >Sr. Network Engr, Chicago, SoCal Data Centers > In an interesting move Exodus Communications annouced today that > they have replaced all of their backbone engineers with furby's > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message