From owner-freebsd-security Fri Dec 1 8:31:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id AC33237B400 for ; Fri, 1 Dec 2000 08:31:34 -0800 (PST) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id IAA26907; Fri, 1 Dec 2000 08:31:30 -0800 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda26903; Fri Dec 1 08:31:28 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.1/8.9.1) id eB1GVMA16997; Fri, 1 Dec 2000 08:31:22 -0800 (PST) Message-Id: <200012011631.eB1GVMA16997@passer.osg.gov.bc.ca> Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost.osg.gov.bc.ca, id smtpdA16988; Fri Dec 1 08:31:06 2000 X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.2-RELEASE X-Sender: cschuber To: Frank van Vliet Cc: Cy Schubert - ITSD Open Systems Group , security@freebsd.org Subject: Re: FreeBSD hacked? In-reply-to: Your message of "Fri, 01 Dec 2000 17:21:47 GMT." <20001201172147.A25455@root66.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 01 Dec 2000 08:31:06 -0800 From: Cy Schubert Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <20001201172147.A25455@root66.org>, Frank van Vliet writes: > > --xHFwDpU9dbj6ez1V > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Fri, Dec 01, 2000 at 06:53:48AM -0800, Cy Schubert - ITSD Open Systems G > roup wrote: > > In message <18748.975613708@winston.osd.bsdi.com>, Jordan Hubbard > > writes: > > > > so, for the next few days, there is a possibility that the rest of us > are > > > > as vulnerable? *raised eyebrow* > > > > > > Only if you run all of FreeBSD.org's CGI scripts. Do you? :) > > > > I think the only CGI script that runs on www.freebsd.org that people > > might run is cvsweb because its a port in the ports collection. Until > > we hear otherwise there is the possibility that it might be the culprit. > > > You people should just watch the commits to the www source tree. > > Eventually you'll see a commit that will fix the problem. Until then > > you'll have to wait. > > Ofcourse cvsweb could contain bugs, but it is a www.freebsd.org specific sc > ript nohican and me exploited. I don't see any reason for 'panick' about cv > sweb. Who said I was panicking? I don't even feel anxious about this issue. The only thing I feel anxious about is the stock market. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message