Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Dec 2000 17:21:47 +0000
From:      Frank van Vliet <karin@root66.org>
To:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc:        security@freebsd.org
Subject:   Re: FreeBSD hacked?
Message-ID:  <20001201172147.A25455@root66.org>
In-Reply-To: <200012011454.eB1EsH747653@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Dec 01, 2000 at 06:53:48AM -0800
References:  <18748.975613708@winston.osd.bsdi.com> <200012011454.eB1EsH747653@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--xHFwDpU9dbj6ez1V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Dec 01, 2000 at 06:53:48AM -0800, Cy Schubert - ITSD Open Systems G=
roup wrote:
> In message <18748.975613708@winston.osd.bsdi.com>, Jordan Hubbard=20
> writes:
> > > so, for the next few days, there is a possibility that the rest of us=
 are
> > > as vulnerable? *raised eyebrow*
> >=20
> > Only if you run all of FreeBSD.org's CGI scripts.  Do you? :)
>=20
> I think the only CGI script that runs on www.freebsd.org that people=20
> might run is cvsweb because its a port in the ports collection.  Until=20
> we hear otherwise there is the possibility that it might be the culprit.
>=20
> You people should just watch the commits to the www source tree. =20
> Eventually you'll see a commit that will fix the problem.  Until then=20
> you'll have to wait.

Ofcourse cvsweb could contain bugs, but it is a www.freebsd.org specific sc=
ript nohican and me exploited. I don't see any reason for 'panick' about cv=
sweb. =20


	Frank van Vliet alias {}
	karin@root66.org


--xHFwDpU9dbj6ez1V
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOifeKev9YnvRDibSEQJb4QCfRsjQu89Yu7wbf8tt2iw/1/M+OicAoOeY
v8o/mnUMEO9+mMuy7jByy+8L
=sDMO
-----END PGP SIGNATURE-----

--xHFwDpU9dbj6ez1V--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001201172147.A25455>