From owner-freebsd-security Thu Dec 14 13:10:26 2000 From owner-freebsd-security@FreeBSD.ORG Thu Dec 14 13:10:21 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 5C62937B698; Thu, 14 Dec 2000 13:10:21 -0800 (PST) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id NAA17576; Thu, 14 Dec 2000 13:10:11 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda17570; Thu Dec 14 13:10:04 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.1/8.9.1) id eBEL9xS10091; Thu, 14 Dec 2000 13:09:59 -0800 (PST) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdW10081; Thu Dec 14 13:09:00 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.1/8.9.1) id eBEL8wo04627; Thu, 14 Dec 2000 13:08:58 -0800 (PST) Message-Id: <200012142108.eBEL8wo04627@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdqQ4623; Thu Dec 14 13:08:47 2000 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.2-RELEASE X-Sender: cy To: Kris Kennaway Cc: John Howie , security@FreeBSD.ORG Subject: Re: procfs vulnerability (Re: Details of www.freebsd.org penetration) In-reply-to: Your message of "Thu, 14 Dec 2000 08:28:14 PST." <20001214082814.A25963@citusc.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 14 Dec 2000 13:08:47 -0800 Sender: cy@uumail.gov.bc.ca Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <20001214082814.A25963@citusc.usc.edu>, Kris Kennaway writes: > > --ZGiS0Q5IWpPtfppv > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Fri, Dec 15, 2000 at 07:53:32AM -0000, John Howie wrote: > > Kris, > >=20 > > Any chance you could let us know exactly what 'local root vulnerability' = > was > > exploited. As I recall it was originally stated that no weakness in FreeB= > SD > > itself had been leveraged. I appreciate that the hacker gained access to = > the > > No, I said that it was not a vulnerability in FreeBSD which allowed > the initial penetration. The attackers wouldn't have been able to get > in if this was any old FreeBSD system that wasn't running dodgy CGI > scripts. > > > system via CGI (and not a FreeBSD weakness) but once in he/she became root > > through some other means. Was this vulnerability a configuration issue or > > simply a known problem that had not been addressed? > > The latter :-( In fact it was a problem which was brought to our > attention a few days prior by the same guys who did the penetration - > unfortunately it's taken us rather longer than I would have liked to > get it fixed and an advisory released, a combination of the people > involved being busy travelling, or just busy. However we've finally > got it all together, it seems, and so an advisory should be out on > Monday. Has the fix been committed? If so, is it procfs_ctl.c 1.22? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message