From owner-freebsd-security  Thu Nov 30 20:48:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from easeway.com (ns1.easeway.com [209.69.39.1])
	by hub.freebsd.org (Postfix) with ESMTP id DCDDC37B400
	for <security@freebsd.org>; Thu, 30 Nov 2000 20:48:53 -0800 (PST)
Received: (from mwlucas@localhost)
	by easeway.com (8.8.8/8.8.5) id XAA10308;
	Thu, 30 Nov 2000 23:09:41 -0500 (EST)
Message-Id: <200012010409.XAA10308@easeway.com>
Subject: Re: FreeBSD hacked?
In-Reply-To: <20001130181141.Y559@puck.firepipe.net> from Will Andrews at "Nov 30, 0 06:11:41 pm"
To: will@physics.purdue.edu
Date: Thu, 30 Nov 100 23:09:40 -0500 (EST)
Cc: security@freebsd.org
From: mwlucas@exceptionet.com
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[cc's trimmed]
> *Apparently* only a html file was changed.. so you don't know it was
> rooted.  It'd be pretty hard to root *.freebsd.org boxes..

True, my bad.

Still, having a html file changed through a CGI exploit is enough to make
you run for your Tripwire disk.  Think about it:

"Nah, I just changed the web page, I didn't root you and install a back
door.  Really." 

Wow, that sends *my* trust level soaring.

==ml

-- 
Michael Lucas			|
Exceptionet, Inc.		|	www.exceptionet.com
"Exceptional Networking"	|


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message