From owner-freebsd-security Thu Dec 14 8: 9: 6 2000 From owner-freebsd-security@FreeBSD.ORG Thu Dec 14 08:09:03 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from cam067213.student.utwente.nl (cam067213.student.utwente.nl [130.89.226.203]) by hub.freebsd.org (Postfix) with SMTP id 0A54437B400 for ; Thu, 14 Dec 2000 08:09:03 -0800 (PST) Received: (qmail 43341 invoked by uid 1001); 14 Dec 2000 17:10:57 -0000 Date: Thu, 14 Dec 2000 17:10:57 +0000 From: Frank van Vliet To: freebsd-security@freebsd.org Subject: Re: Details of www.freebsd.org penetration Message-ID: <20001214171057.A43310@root66.org> References: <20001214070649.A25429@citusc.usc.edu> <00c401c0666c$1f63cff0$9207c00a@local> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <00c401c0666c$1f63cff0$9207c00a@local>; from JHowie@msn.com on Fri, Dec 15, 2000 at 07:53:32AM -0000 Sender: karin@cam067213.student.utwente.nl Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 15, 2000 at 07:53:32AM -0000, John Howie wrote: > Any chance you could let us know exactly what 'local root vulnerability' = was > exploited. As I recall it was originally stated that no weakness in FreeB= SD > itself had been leveraged. I appreciate that the hacker gained access to = the > system via CGI (and not a FreeBSD weakness) but once in he/she became root > through some other means. Was this vulnerability a configuration issue or > simply a known problem that had not been addressed? Allthou we normaly only use weaknesses created by the server admins itself,= =20 like cgi scripts made by them and configurations, this time local root was gained by a local root exploit which was an 'error' of freebsd itself.=20 Advisory about it was promised to be send weeks ago, it is fixed in FreeBSD= 4.2 Kris, this would be a nice timing for that advisory? Frank van Vliet alias {} Joost Pol alias nohican =09 --=20 RooT66: http://root66.student.utwente.nl PGP Public Key: http://root66.student.utwente.nl/frank.pub.pgp --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iQA/AwUBOjj/IOv9YnvRDibSEQKcUwCgtGPA5tbrbZUb3ELlejS1Au+QQToAn0qC Ba9b7llF3q9lXdahRZbIYxWd =Rsx+ -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message