From owner-freebsd-security  Tue Nov 28 18:41:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44])
	by hub.freebsd.org (Postfix) with ESMTP id 8AF2837B402
	for <security@FreeBSD.ORG>; Tue, 28 Nov 2000 18:41:13 -0800 (PST)
Received: (from daemon@localhost)
	by point.osg.gov.bc.ca (8.8.7/8.8.8) id SAA15797;
	Tue, 28 Nov 2000 18:40:42 -0800
Received: from passer.osg.gov.bc.ca(142.32.110.29)
 via SMTP by point.osg.gov.bc.ca, id smtpda15795; Tue Nov 28 18:40:40 2000
Received: (from uucp@localhost)
	by passer.osg.gov.bc.ca (8.11.1/8.9.1) id eAT2eZa10735;
	Tue, 28 Nov 2000 18:40:35 -0800 (PST)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com"
 via SMTP by passer9.cwsent.com, id smtpdJ10733; Tue Nov 28 18:40:11 2000
Received: (from uucp@localhost)
	by cwsys.cwsent.com (8.11.1/8.9.1) id eAT2e6d17225;
	Tue, 28 Nov 2000 18:40:06 -0800 (PST)
Message-Id: <200011290240.eAT2e6d17225@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwsent.com, id smtpdd17209; Tue Nov 28 18:39:21 2000
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-OS: FreeBSD 4.2-RELEASE
X-Sender: cy
To: thomas@noproblem.net
Cc: security@FreeBSD.ORG
Subject: Re: FreeBSD hacked? 
In-reply-to: Your message of "Wed, 29 Nov 2000 00:49:34 GMT."
             <ELEFLMLBFNJIIAMHIEKCAEMFCGAA.thomas@noproblem.net> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 28 Nov 2000 18:39:20 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <ELEFLMLBFNJIIAMHIEKCAEMFCGAA.thomas@noproblem.net>, "Thomas 
Beaucha
mp" writes:
> 
> PLEASE!
> 
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Stefano Riva
> Sent: Wednesday, November 29, 2000 12:47 AM
> To: Kris Kennaway
> Cc: security@freebsd.org
> Subject: Re: FreeBSD hacked?
> 
> 
> At 16.13 28/11/00 -0800, you wrote:
> >Yes, I can confirm this happened last night. We were immediately
> >informed by those who did it including how it was achieved. The
> >penetration mechanism was not a vulnerability in FreeBSD and was
> >corrected immediately.
> 
>   Could you give us some detail about the mechanism used?


5 will get you 10 that it's probably a CGI exploit.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message