Date: Fri, 1 Dec 2000 17:21:47 +0000 From: Frank van Vliet <karin@root66.org> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: security@freebsd.org Subject: Re: FreeBSD hacked? Message-ID: <20001201172147.A25455@root66.org> In-Reply-To: <200012011454.eB1EsH747653@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Dec 01, 2000 at 06:53:48AM -0800 References: <18748.975613708@winston.osd.bsdi.com> <200012011454.eB1EsH747653@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Fri, Dec 01, 2000 at 06:53:48AM -0800, Cy Schubert - ITSD Open Systems Group wrote:
> In message <18748.975613708@winston.osd.bsdi.com>, Jordan Hubbard
> writes:
> > > so, for the next few days, there is a possibility that the rest of us are
> > > as vulnerable? *raised eyebrow*
> >
> > Only if you run all of FreeBSD.org's CGI scripts. Do you? :)
>
> I think the only CGI script that runs on www.freebsd.org that people
> might run is cvsweb because its a port in the ports collection. Until
> we hear otherwise there is the possibility that it might be the culprit.
>
> You people should just watch the commits to the www source tree.
> Eventually you'll see a commit that will fix the problem. Until then
> you'll have to wait.
Ofcourse cvsweb could contain bugs, but it is a www.freebsd.org specific script nohican and me exploited. I don't see any reason for 'panick' about cvsweb.
Frank van Vliet alias {}
karin@root66.org
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i
iQA/AwUBOifeKev9YnvRDibSEQJb4QCfRsjQu89Yu7wbf8tt2iw/1/M+OicAoOeY
v8o/mnUMEO9+mMuy7jByy+8L
=sDMO
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001201172147.A25455>