Date: Fri, 20 Jul 2001 09:24:20 -0700 (PDT)
From: Tom
To: admin@kremilek.gyrec.cz
Cc: freebsd-stable@FreeBSD.org
Subject: Re: probably remote exploit

On Fri, 20 Jul 2001 admin@kremilek.gyrec.cz wrote:

> Probably just warning. I personally couldn't believe it, but on
> the last list of my 4.2-RELEASE appeared that host sh2.1-sh.com was logged
> as user Jim. The one bad thing I did, that firewall wasn't working and
> there is NFS available (besides BRIDGED connection to CISCO Router, named
> and squid (both in sandbox) and sshd, ntp). I really don't know what
> happened, because I couldn't believe that someone is able to find out the
> eight character password. Because it is a school server I am not scared so
> much about compromising, but would like to know if I am so stupid (I was
> trying to leave, delete or update anything what was on security) or did it
> happen to anyone else as well? (haven't got Disk Space to build these
> days)

There are known problems with ntpd, which you seem to be using. There
is also a local exploit in 4.3-RELEASE.

You should be on the freebsd-security mailing list, and you should be
checking the archives of that list first.
Tom