From owner-freebsd-security Sun Feb 25 13:36:41 2001 Delivered-To: freebsd-security@freebsd.org Received: from ohm.physics.purdue.edu (ohm.physics.purdue.edu [128.210.146.32]) by hub.freebsd.org (Postfix) with ESMTP id 735DA37B491; Sun, 25 Feb 2001 13:36:29 -0800 (PST) (envelope-from TrimYourCc@physics.purdue.edu) Received: (from will@localhost) by ohm.physics.purdue.edu (8.11.2/8.9.3) id f1PLaaW04917; Sun, 25 Feb 2001 16:36:36 -0500 (EST) (envelope-from TrimYourCc@physics.purdue.edu) X-Authentication-Warning: ohm.physics.purdue.edu: will set sender to TrimYourCc@physics.purdue.edu using -f Date: Sun, 25 Feb 2001 16:36:36 -0500 From: Will Andrews To: Jonathan Slivko Cc: FreeBSD Stable Subject: Re: Possible Security Vulnerability Message-ID: <20010225163636.H767@ohm.physics.purdue.edu> Reply-To: FreeBSD Stable References: <002901c09f72$66ebee40$660599ac@winme> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Bqc0IY4JZZt50bUr" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002901c09f72$66ebee40$660599ac@winme>; from js43064n@pace.edu on Sun, Feb 25, 2001 at 04:32:04PM -0500 X-Operating-System: FreeBSD 4.2-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --Bqc0IY4JZZt50bUr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable [ moved to -stable ] On Sun, Feb 25, 2001 at 04:32:04PM -0500, Jonathan Slivko wrote: > I have been testing the security on my machine (FreeBSD 4.2-STABLE) a= nd > I noticed a bug that could potentially reboot a box from any type of user, > root or regular user. What I did was I just gave the box a whole bunch of= w > commands like w;w;w;w;w, etc. and just let that run. A few seconds later, > the box coredumped and rebooted. I got this to occur several times in a r= ow. > Is this some kind of known vulnerability or is this just something that w= ill > have to be investigated further? If interested in more details, please fe= el > free to e-mail me. Thanks. That's not a security vulnerability (ie defined as something which gives an attacker elevated privileges), that's a bug. Nevertheless, I can't reproduce it.. possibly because you've given next to nothing as far as details go. --=20 wca --Bqc0IY4JZZt50bUr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6mXrjF47idPgWcsURAm2UAKCLky6aMTc/XqyF3IGLW/TZnuP5ZwCeOYFP 0inewm+mPPjN4t4M77UQIWc= =Wq9A -----END PGP SIGNATURE----- --Bqc0IY4JZZt50bUr-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message