From owner-freebsd-security Fri Dec 1 6:55: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 85EB537B400; Fri, 1 Dec 2000 06:54:57 -0800 (PST) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA26360; Fri, 1 Dec 2000 06:54:44 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda26356; Fri Dec 1 06:54:44 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.1/8.9.1) id eB1EscA16051; Fri, 1 Dec 2000 06:54:38 -0800 (PST) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdr16032; Fri Dec 1 06:54:18 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.1/8.9.1) id eB1EsH747653; Fri, 1 Dec 2000 06:54:17 -0800 (PST) Message-Id: <200012011454.eB1EsH747653@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdz47641; Fri Dec 1 06:53:49 2000 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.2-RELEASE X-Sender: cy To: Jordan Hubbard Cc: The Hermit Hacker , Kris Kennaway , Stefano Riva , security@FreeBSD.ORG Subject: Re: FreeBSD hacked? In-reply-to: Your message of "Thu, 30 Nov 2000 11:48:28 PST." <18748.975613708@winston.osd.bsdi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 01 Dec 2000 06:53:48 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <18748.975613708@winston.osd.bsdi.com>, Jordan Hubbard writes: > > so, for the next few days, there is a possibility that the rest of us are > > as vulnerable? *raised eyebrow* > > Only if you run all of FreeBSD.org's CGI scripts. Do you? :) I think the only CGI script that runs on www.freebsd.org that people might run is cvsweb because its a port in the ports collection. Until we hear otherwise there is the possibility that it might be the culprit. You people should just watch the commits to the www source tree. Eventually you'll see a commit that will fix the problem. Until then you'll have to wait. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message