From owner-freebsd-security Mon May 3 16:14:30 1999
Delivered-To: freebsd-security@freebsd.org
Received: from wrath.cs.utah.edu (wrath.cs.utah.edu [155.99.198.100])
	by hub.freebsd.org (Postfix) with ESMTP id 8BADF154AC
	for ; Mon, 3 May 1999 16:14:27 -0700 (PDT)
	(envelope-from danderse@cs.utah.edu)
Received: from torrey.cs.utah.edu (torrey.cs.utah.edu [155.99.212.91])
	by wrath.cs.utah.edu (8.8.8/8.8.8) with ESMTP id RAA28602;
	Mon, 3 May 1999 17:14:26 -0600 (MDT)
Received: (from danderse@localhost)
	by torrey.cs.utah.edu (8.9.1/8.9.1) id RAA20781;
	Mon, 3 May 1999 17:14:26 -0600 (MDT)
	(envelope-from danderse@cs.utah.edu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Mon, 3 May 1999 17:14:26 -0600 (MDT)
From: "David G. Andersen"
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: Claimed remote reboot exploit: Real or bogus?
In-Reply-To: Brett Glass's message of Mon, May 3 1999 <4.2.0.37.19990503171021.04dd6630@localhost>
References: <4.2.0.37.19990503171021.04dd6630@localhost>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid
Message-ID: <14126.11662.104650.743414@torrey.cs.utah.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've asked for a bit more information from Jamie, but that was about 3
minutes ago, so I don't expect to hear back quite so soon.

If his boxes are being rebooted, it's probably legitimate. Jamie's
trustworthy, and competent.

-Dave

Lo and Behold, Brett Glass said:
> Can anyone confirm or deny the existence of this exploit?
> >Reply-To: jamie@exodus.net
> >Sender: Bugtraq List
> >From: Jamie Rishaw
> >Subject: FreeBSD 3.1 remote reboot exploit
> >To: BUGTRAQ@netspace.org
> >X-UIDL: bb7cd1086853f3805dc34b1136a06c40
> >
> >Hi,
> >
> > Sorry to be so vague, but I wanted to let everyone know,
> >
> > It's been demonstrated to me by two people who will not reveal "how"
> >that there is a remote bug exploit, almost certainly over IP, that will
> >cause FreeBSD-3.1 systems to reboot with no warnings.
> >
> > The second box this was demonstrated on today had no open services
> >besides ircd, and was remote rebooted. (The first box had open services
> >such as smtp, ssh, pop, http, but did /not/ run ircd, eliminating ircd
> >as the culprit).
> >
> > If anyone can shed some light on this (really bad) issue, it'd be
> >greatly appreciated, especially since I am(was) in the process of
> >upgrading all of my boxes to 3.1. (3.1-REL).

--
work: danderse@cs.utah.edu me: angio@pobox.com
University of Utah http://www.angio.net/
Computer Science - Flux Research Group "What's footnote FIVE?"