Date: Thu, 14 Dec 2000 08:28:14 -0800 From: Kris Kennaway <kris@freebsd.org> To: John Howie <JHowie@msn.com> Cc: security@freebsd.org Subject: procfs vulnerability (Re: Details of www.freebsd.org penetration) Message-ID: <20001214082814.A25963@citusc.usc.edu> In-Reply-To: <00c401c0666c$1f63cff0$9207c00a@local>; from JHowie@msn.com on Fri, Dec 15, 2000 at 07:53:32AM -0000 References: <20001214070649.A25429@citusc.usc.edu> <00c401c0666c$1f63cff0$9207c00a@local>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZGiS0Q5IWpPtfppv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 15, 2000 at 07:53:32AM -0000, John Howie wrote: > Kris, >=20 > Any chance you could let us know exactly what 'local root vulnerability' = was > exploited. As I recall it was originally stated that no weakness in FreeB= SD > itself had been leveraged. I appreciate that the hacker gained access to = the No, I said that it was not a vulnerability in FreeBSD which allowed the initial penetration. The attackers wouldn't have been able to get in if this was any old FreeBSD system that wasn't running dodgy CGI scripts. > system via CGI (and not a FreeBSD weakness) but once in he/she became root > through some other means. Was this vulnerability a configuration issue or > simply a known problem that had not been addressed? The latter :-( In fact it was a problem which was brought to our attention a few days prior by the same guys who did the penetration - unfortunately it's taken us rather longer than I would have liked to get it fixed and an advisory released, a combination of the people involved being busy travelling, or just busy. However we've finally got it all together, it seems, and so an advisory should be out on Monday. If I'd known how long it would take to get the problem fixed I would have released details informally before now - I can only apologise for the delay, although to my knowledge this vulnerability is not yet widely known - basically there are several local root exploits in procfs: wait for the advisory for more details, unmount procfs now on your multi-user systems. Kris --ZGiS0Q5IWpPtfppv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6OPUeWry0BWjoQKURAjBAAJoCMiuv0BVNRDdQyW8IoWAp6JpSkwCeLurK NW+h1yBYhYDcDrC6jejY8mY= =sLQa -----END PGP SIGNATURE----- --ZGiS0Q5IWpPtfppv-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001214082814.A25963>