From owner-freebsd-security  Mon May  3 16:29:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
	by hub.freebsd.org (Postfix) with ESMTP id 7727E14BC9
	for <security@FreeBSD.ORG>; Mon,  3 May 1999 16:29:31 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
	by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id RAA05962;
	Mon, 3 May 1999 17:29:24 -0600 (MDT)
Message-Id: <4.2.0.37.19990503172000.04f63ee0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.37 (Beta)
Date: Mon, 03 May 1999 17:29:20 -0600
To: "David G. Andersen" <danderse@cs.utah.edu>
From: Brett Glass <brett@lariat.org>
Subject: Re: Claimed remote reboot exploit: Real or bogus?
Cc: security@FreeBSD.ORG
In-Reply-To: <14126.11662.104650.743414@torrey.cs.utah.edu>
References: <Brett Glass's message of Mon, May 3 1999 <4.2.0.37.19990503171021.04dd6630@localhost>
 <4.2.0.37.19990503171021.04dd6630@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If I were Jamie, I would have had a network analyzer on the line
during the "demonstration."

We've held off on installing 3.1-R on our servers because we always
wait for the second "production" point release of any major version 
before upgrading. (This policy has kept us at 2.2.8 -- plus patches 
-- for the time being.) We have come under fire on a few mailing lists 
for this, but if the exploit is for real it will vindicate our 
conservative practices yet again.

Still, the release of 3.2-R is nigh, and we DO want to install that
one. So, we'd like to see the exploit identified and squashed before 
3.2-R goes out the door.

--Brett

At 05:14 PM 5/3/99 -0600, David G. Andersen wrote:
>I've asked for a bit more information from Jamie, but that was about 3 
>minutes ago, so I don't expect to hear back quite so soon.
>
>If his boxes are being rebooted, it's probably legitimate.  Jamie's
>trustworthy, and competent.
>
>    -Dave




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message