Skip site navigation (1)Skip section navigation (2) 
Date:      Mon,  3 May 1999 17:14:26 -0600 (MDT)
From:      "David G. Andersen" <danderse@cs.utah.edu>
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: Claimed remote reboot exploit: Real or bogus?
Message-ID:  <14126.11662.104650.743414@torrey.cs.utah.edu>
In-Reply-To: Brett Glass's message of Mon, May 3 1999 <4.2.0.37.19990503171021.04dd6630@localhost>
References:  <4.2.0.37.19990503171021.04dd6630@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 
I've asked for a bit more information from Jamie, but that was about 3 
minutes ago, so I don't expect to hear back quite so soon.

If his boxes are being rebooted, it's probably legitimate.  Jamie's
trustworthy, and competent.

   -Dave

Lo and Behold, Brett Glass said:
> Can anyone confirm or deny the existence of this exploit?
>  >Reply-To: jamie@exodus.net
>  >Sender: Bugtraq List <BUGTRAQ@netspace.org>
>  >From: Jamie Rishaw <jamie@exodus.net>
>  >Subject:      FreeBSD 3.1 remote reboot exploit
>  >To: BUGTRAQ@netspace.org
>  >X-UIDL: bb7cd1086853f3805dc34b1136a06c40
>  >
>  >Hi,
>  >
>  >  Sorry to be so vague, but I wanted to let everyone know,
>  >
>  >  It's been demonstrated to me by two people who will not reveal "how"
>  >that there is a remote bug exploit, almost certainly over IP, that will
>  >cause FreeBSD-3.1 systems to reboot with no warnings.
>  >
>  >  The second box this was demonstrated on today had no open services
>  >besides ircd, and was remote rebooted.  (The first box had open services
>  >such as smtp, ssh, pop, http, but did /not/ run ircd, eliminating ircd
>  >as the culprit).
>  >
>  >  If anyone can shed some light on this (really bad) issue, it'd be
>  >greatly appreciated, especially since I am(was) in the process of
>  >upgrading all of my boxes to 3.1. (3.1-REL).

-- 
work: danderse@cs.utah.edu                     me:  angio@pobox.com
      University of Utah                            http://www.angio.net/
      Computer Science - Flux Research Group   "What's footnote FIVE?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14126.11662.104650.743414>