From owner-freebsd-security Tue Jul 21 23:28:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA18027 for freebsd-security-outgoing; Tue, 21 Jul 1998 23:28:51 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from echonyc.com (echonyc.com [198.67.15.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA18009 for ; Tue, 21 Jul 1998 23:28:46 -0700 (PDT) (envelope-from benedict@echonyc.com) Received: from localhost (benedict@localhost) by echonyc.com (8.8.7/8.8.7) with SMTP id CAA05114; Wed, 22 Jul 1998 02:28:11 -0400 (EDT) Date: Wed, 22 Jul 1998 02:28:10 -0400 (EDT) From: Snob Art Genre Reply-To: ben@rosengart.com To: Brett Glass cc: Jim Shankland , ahd@kew.com, leec@adam.adonai.net, security@FreeBSD.ORG Subject: Re: hacked and don't know why In-Reply-To: <199807220613.AAA26581@lariat.lariat.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 22 Jul 1998, Brett Glass wrote: > The symptoms aren't hard to understand. As I found out when we > were hit by the same hack, buffer overflow exploits also > hose memory.... The disk cache, kernel data, possibly even page tables > can be corrupted. Nothing's safe. If you do anything to your file > system before rebooting, you can wind up with corrupted directories > and worse. This happened to us. This doesn't sound correct. Buffer overflows can give you unauthorized access to user memory, but shouldn't give you access to kernel memory at all. Otherwise running "crashme" as root would have more effect than it does (none). Ben "You have your mind on computers, it seems." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message