From owner-freebsd-security Wed Jul 3 08:53:47 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA18658 for security-outgoing; Wed, 3 Jul 1996 08:53:47 -0700 (PDT)
Received: from biblioteca.campus.unal.edu.co ([200.21.26.198]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA18651; Wed, 3 Jul 1996 08:53:39 -0700 (PDT)
Received: by biblioteca.campus.unal.edu.co (AIX 3.2/UCB 5.64/4.03) id AA33578; Wed, 3 Jul 1996 10:51:25 -0400
Date: Wed, 3 Jul 1996 10:51:25 -0400 (EDT)
From: "Pedro F. Giffuni S."
To: Matt Bartley
Cc: security@freebsd.org, stable@freebsd.org
Subject: What is known about The security hole
In-Reply-To: <199607030559.WAA18214@lear35.cytex.com>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 2 Jul 1996, Matt Bartley wrote:

>
> With all due discretion, what happened to you with the 8.6.13 that's
> in 2.1.0?
>

Since everyone wants to know the details, here they are:

I manage 3 machines: 2 FreeBSD's and an AIX 3.2.5. I have always kept tcpd running, and all the r* services closed. I considered my machines to have acceptable security, until I started noting:

1) delayed or bouncing mail
2) a fbsd message "removed from mail queue" on console
3) a mail reply, that I didn't send, saying the mailer could not execute the requested command
4) The fbsd that I installed first was specially damaged: permissions were changed and it has problems resolving names
5) /etc/motd was modified; the sarcastic message included excerpts from a mail message I had sent weeks ago to the netadmin.
6) The cracker even sent me mail from root's account, and on that date no one logged in!

Most of our machines are cracked, but one of the things that surprised me was that a private fbsd, installed a week ago, also fell.

I would suggest having smrsh included by default in sendmail's configuration in new releases, and immediate upgrades in sendmail and BIND. On a non-release level, excellent proposals have been replacing sendmail by ZMail, or qMail, or shutting down sendmail and running it with crontab.

Pedro.