From owner-freebsd-security Wed Jul 22 11:19:04 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id LAA22156
    for freebsd-security-outgoing; Wed, 22 Jul 1998 11:19:04 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA22135
    for ; Wed, 22 Jul 1998 11:18:57 -0700 (PDT)
    (envelope-from brett@lariat.org)
Received: (from brett@localhost)
    by lariat.lariat.org (8.8.8/8.8.8) id MAA07833;
    Wed, 22 Jul 1998 12:18:23 -0600 (MDT)
Message-Id: <199807221818.MAA07833@lariat.lariat.org>
X-Sender: brett@mail.lariat.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1
Date: Wed, 22 Jul 1998 12:18:21 -0600
To: "Jordan K. Hubbard"
From: Brett Glass
Subject: Re: hacked and don't know why
Cc: ben@rosengart.com, Jim Shankland , ahd@kew.com, leec@adam.adonai.net, security@FreeBSD.ORG
In-Reply-To: <14999.901130389@time.cdrom.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:59 AM 7/22/98 -0700, Jordan K. Hubbard wrote:

>You're assuming that the hackers knew what they were doing or that
>they didn't attempt to run other exploit scripts which malfunctioned.

Well, when *I* touched files their directory entries were also
corrupted. This indicates that something deep within the system
was hosed. And since the problem went away after a reboot, it
appears to be the result of memory corruption. Even other exploit
scripts would run in userland, so this suggests (no, there's no
good way to establish it for sure yet) that the integrity of the
kernel was breached.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message