From owner-freebsd-ports@FreeBSD.ORG Thu Dec 16 07:10:16 2004 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3DDFC16A4CE for ; Thu, 16 Dec 2004 07:10:16 +0000 (GMT) Received: from kweetal.tue.nl (kweetal.tue.nl [131.155.3.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90FFF43D39 for ; Thu, 16 Dec 2004 07:10:15 +0000 (GMT) (envelope-from stijn@pcwin002.win.tue.nl) Received: by kweetal.tue.nl (Postfix, from userid 40) id 7D12513BA3C; Thu, 16 Dec 2004 08:10:14 +0100 (CET) Received: from pcwin002.win.tue.nl (pcwin002.win.tue.nl [131.155.71.72]) by kweetal.tue.nl (Postfix) with ESMTP id 3666F13B8BE; Thu, 16 Dec 2004 08:10:03 +0100 (CET) Received: (from stijn@localhost) by pcwin002.win.tue.nl (8.13.1/8.13.1/Submit) id iBG7A3mC097483; Thu, 16 Dec 2004 08:10:03 +0100 (CET) (envelope-from stijn) Date: Thu, 16 Dec 2004 08:10:02 +0100 From: Stijn Hoop To: Lupe Christoph Message-ID: <20041216071002.GF89720@pcwin002.win.tue.nl> References: <20041216010359.51904.qmail@web51604.mail.yahoo.com> <20041216064042.GE10225@lupe-christoph.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041216064042.GE10225@lupe-christoph.de> User-Agent: Mutt/1.4.2.1i X-Bright-Idea: Let's abolish HTML mail! X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on kweetal.tue.nl X-Spam-DCC: : X-Spam-Status: No, hits=-4.9 required=6.3 tests=BAYES_00 autolearn=ham version=2.64 X-Spam-Level: cc: freebsd-ports@freebsd.org Subject: Re: Security Exploits found in FreeBSD 4.10's ports tree. X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2004 07:10:16 -0000 On Thu, Dec 16, 2004 at 07:40:42AM +0100, Lupe Christoph wrote: > On Wednesday, 2004-12-15 at 17:03:59 -0800, Pedro F. Giffuni wrote: > > This made it to Slashdot today, > > I can't find anything resembling this on Slashdot. Can you please > provide a link to the article? http://it.slashdot.org/it/04/12/15/2113202.shtml?tid=172&tid=146&tid=128&tid=130&tid=1&tid=106 Apparently a lot of vulnerabilities were found by a class of DJB's students. > > but what they didn't mention is that the > > xploits were found in FreeBSD 4.10's ports tree (at least the few that I've > > checked): Well the exploits are in the software itself, as far as I can determine, so yes, of course they will also be in the ports tree. > > http://tigger.uic.edu/~jlongs2/holes/ > > A traceroute to tigger.uic.edu fails after 31-35.gw.uic.edu > (128.248.246.174). It appears to be slashdotted. --Stijn -- Man had always assumed that he was more intelligent than dolphins because he had achieved so much... the wheel, New York, wars, and so on, whilst all the dolphins had ever done was muck about in the water having a good time. But conversely the dolphins believed themselves to be more intelligent than man for precisely the same reasons. -- Douglas Adams, "The Hitchhikers Guide To The Galaxy"