From owner-freebsd-security Mon Apr 19 8:59:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 7544714F4A
	for ; Mon, 19 Apr 1999 08:59:21 -0700 (PDT)
	(envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id LAA14758;
	Mon, 19 Apr 1999 11:56:48 -0400 (EDT)
	(envelope-from robert@cyrus.watson.org)
Date: Mon, 19 Apr 1999 11:56:48 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Chris
Cc: security@freebsd.org
Subject: Re: poink and freebsd
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 19 Apr 1999, Chris wrote:

> I'm sure y'all have heard of poink, an exploit against freebsd/openbsd
> machines (these are the boxes I have tested on) it appears to work very
> efficiently in killing freebsd 3.1 - freebsd 3.0 machines, against one of
> our freebsd 2.2.5 machines, it did bring up the error messages in
> /var/log/messages (arp lookups) but didn't kill the machine like the
> others...
>
> I'm just wondering if there are any patches for this, and I noticed there
> is no mention of it on freebsd's website....

Interestingly, I haven't heard about this one, and it doesn't appear to be
on rootshell, etc. The only "poink" I could find reference to was an
alternative ping program that doesn't require root access--I assume that
means it uses udp or something to try and get a response (perhaps looking
for a connection refused ICMP except on the socket?). I may just have
missed it in passing, of course, given the vast quantities of email that
go through around here :-).

Since it doesn't appear to have been reported, send a copy of the source
to security-officer@freebsd.org, and feel free to CC me a copy so I can
take a look.

  Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services             http://www.safeport.com/