From owner-freebsd-stable  Fri Jul 20 11:18:34 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40])
	by hub.freebsd.org (Postfix) with ESMTP id 6A21837B408
	for <freebsd-stable@FreeBSD.ORG>; Fri, 20 Jul 2001 11:18:21 -0700 (PDT)
	(envelope-from cdf.lists@fxp.org)
Received: by peitho.fxp.org (Postfix, from userid 1501)
	id 0F5961360E; Fri, 20 Jul 2001 14:18:20 -0400 (EDT)
Date: Fri, 20 Jul 2001 14:18:20 -0400
From: Chris Faulhaber <jedgar@fxp.org>
To: "Chad R. Larson" <chad@DCFinc.com>
Cc: Tom <tom@uniserve.com>, admin@kremilek.gyrec.cz,
	freebsd-stable@FreeBSD.ORG
Subject: Re: probably remote exploit
Message-ID: <20010720141820.C47930@peitho.fxp.org>
Mail-Followup-To: Chris Faulhaber <jedgar@fxp.org>,
	"Chad R. Larson" <chad@DCFinc.com>, Tom <tom@uniserve.com>,
	admin@kremilek.gyrec.cz, freebsd-stable@FreeBSD.ORG
References: <Pine.LNX.3.96.1010720174942.651C-100000@kremilek.gyrec.cz> <Pine.BSF.4.10.10107200923060.4917-100000@athena.uniserve.ca> <20010720111551.A12442@freeway.dcfinc.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010720111551.A12442@freeway.dcfinc.com>; from chad@DCFinc.com on Fri, Jul 20, 2001 at 11:15:51AM -0700
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 20, 2001 at 11:15:51AM -0700, Chad R. Larson wrote:
> On Fri, Jul 20, 2001 at 09:24:20AM -0700, Tom wrote:
> > There are known problems wiht ntpd, which you seem to be using.  There
> > is also a local exploit in 4.3-RELEASE.  You should be on the
> > freebsd-security mailing list, and you should be checking the archives
> > of that list first.
>=20
> Also, to be sure no one installed any backdoors, you might want to
> do a CVSup/buildworld/installworld cycle.
>=20

unless, of course, they trojaned the build tools :/  a full reinstall
is the best bet.

--=20
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

--DocE+STaALJfprDB
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iEYEARECAAYFAjtYdewACgkQObaG4P6BelAL/QCfWA3/lDMYDlfo0sYyBb2ApyZb
UEAAoJfUWNHx5kl7gA22IEb/5pm164E4
=10m0
-----END PGP SIGNATURE-----

--DocE+STaALJfprDB--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message