From owner-freebsd-security  Mon Mar 19 23:35:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-165-226-28.dsl.lsan03.pacbell.net [64.165.226.28])
	by hub.freebsd.org (Postfix) with ESMTP id 7CE4637B719
	for <security@freebsd.org>; Mon, 19 Mar 2001 23:35:25 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 84D6766C4F; Mon, 19 Mar 2001 23:34:08 -0800 (PST)
Date: Mon, 19 Mar 2001 23:34:08 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Brett Glass <brett@lariat.org>
Cc: security@freebsd.org
Subject: Re: Odd event -- possible security hole or DoS?
Message-ID: <20010319233408.A15890@xor.obsecurity.org>
References: <4.3.2.7.2.20010319172800.00cf9c60@localhost> <4.3.2.7.2.20010319172800.00cf9c60@localhost> <20010319223615.B14837@xor.obsecurity.org> <4.3.2.7.2.20010320001710.00d88950@localhost>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="mYCpIKhGyMATD0i+"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <4.3.2.7.2.20010320001710.00d88950@localhost>; from brett@lariat.org on Tue, Mar 20, 2001 at 12:19:15AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--mYCpIKhGyMATD0i+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 20, 2001 at 12:19:15AM -0700, Brett Glass wrote:
> At 11:36 PM 3/19/2001, Kris Kennaway wrote:
>=20
> >I can't even begin to remember all of the TCP, kernel and application
> >bugs fixed in the 2 1/2 years since 2.2.8.  There are probably a
> >number of ways someone could have caused something like this.
>=20
> I guess what I'm concerned about is that I don't know if it's
> an intentional DoS and/or if it's present in current versions.
> I'll try to do some testing to see if I can lock up inetd
> on that system again via finger.

Reproducing this on a properly-configured version of 4.2-STABLE would
probably be a minimum for this to be a useful lead.

Kris

--mYCpIKhGyMATD0i+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6twfwWry0BWjoQKURAv+aAKCHqCqY7EgPnat+keG0Ahvj5+v2eQCfUfDy
Fjrkt4KE9/4u71ZPHuRj1iI=
=qPUC
-----END PGP SIGNATURE-----

--mYCpIKhGyMATD0i+--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message