From owner-freebsd-security  Fri Dec  1  8:20:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cam067213.student.utwente.nl (cam067213.student.utwente.nl [130.89.226.203])
	by hub.freebsd.org (Postfix) with SMTP id 8DFB637B401
	for <security@freebsd.org>; Fri,  1 Dec 2000 08:20:14 -0800 (PST)
Received: (qmail 26367 invoked by uid 1001); 1 Dec 2000 17:21:47 -0000
Date: Fri, 1 Dec 2000 17:21:47 +0000
From: Frank van Vliet <karin@root66.org>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: security@freebsd.org
Subject: Re: FreeBSD hacked?
Message-ID: <20001201172147.A25455@root66.org>
References: <18748.975613708@winston.osd.bsdi.com> <200012011454.eB1EsH747653@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="xHFwDpU9dbj6ez1V"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200012011454.eB1EsH747653@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, Dec 01, 2000 at 06:53:48AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--xHFwDpU9dbj6ez1V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Dec 01, 2000 at 06:53:48AM -0800, Cy Schubert - ITSD Open Systems G=
roup wrote:
> In message <18748.975613708@winston.osd.bsdi.com>, Jordan Hubbard=20
> writes:
> > > so, for the next few days, there is a possibility that the rest of us=
 are
> > > as vulnerable? *raised eyebrow*
> >=20
> > Only if you run all of FreeBSD.org's CGI scripts.  Do you? :)
>=20
> I think the only CGI script that runs on www.freebsd.org that people=20
> might run is cvsweb because its a port in the ports collection.  Until=20
> we hear otherwise there is the possibility that it might be the culprit.
>=20
> You people should just watch the commits to the www source tree. =20
> Eventually you'll see a commit that will fix the problem.  Until then=20
> you'll have to wait.

Ofcourse cvsweb could contain bugs, but it is a www.freebsd.org specific sc=
ript nohican and me exploited. I don't see any reason for 'panick' about cv=
sweb. =20


	Frank van Vliet alias {}
	karin@root66.org


--xHFwDpU9dbj6ez1V
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOifeKev9YnvRDibSEQJb4QCfRsjQu89Yu7wbf8tt2iw/1/M+OicAoOeY
v8o/mnUMEO9+mMuy7jByy+8L
=sDMO
-----END PGP SIGNATURE-----

--xHFwDpU9dbj6ez1V--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message