From owner-freebsd-security Mon Apr 9 6:48:37 2001 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id 9203737B422 for ; Mon, 9 Apr 2001 06:48:32 -0700 (PDT) (envelope-from str@giganda.komkon.org) Received: (from str@localhost) by giganda.komkon.org (8.9.3/8.9.3) id JAA19494; Mon, 9 Apr 2001 09:48:23 -0400 (EDT) (envelope-from str) From: Igor Roshchin Message-Id: <200104091348.JAA19494@giganda.komkon.org> Subject: Re: local exploit In-Reply-To: <01040908025501.11342@descrypt.com> from "David" at "Apr 9, 2001 08:02:55 am" To: David Date: Mon, 9 Apr 2001 09:48:22 -0400 (EDT) Cc: freebsd-security@FreeBSD.ORG, riki@maiser.unila.ac.id X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org David @ Serpant Technologies: Please, learn to be polite and less snobby. Not everybody speaks your native language well, but do you speak other people's native languages at all ? Despite being written in broken English, the text is clear enough, and if you don't understand, it might be you who needs to learn English. Yai: Yes, chpass in FreeBSD-3.4 is vulnerable. You can find the description of the vulnerability at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A58.chpass.asc It was corrected as of: Corrected: 2000/07/20 (FreeBSD 4.0-STABLE) 2000/10/04 (FreeBSD 3.5.1-STABLE) Security advisories for other vulnerabilities can be found at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/ Hope, that helps. Igor > Please learn to speak english better, or have someone help you write emails. > Your hacked up english barely makes sense, and one can only guess what you > mean. Also 3.4 is not supported anymore (unless I missed something), so > unless you wish to upgrade to a version which is, you're on your own. > > > On Monday 09 April 2001 04:34, you wrote: > > hai guys.,. > > > > i wanna ask about Security of FreeBSD 3.4 and 4.x > > > > on FreeBSD-3.4 there are local exploit that hack chpass > > > > i am ever hacked by my user with local-exploit tha can setiud root.,. > > > > then i try to chmod o-x chpass > > > > IT WORK !!! > > others cannot exploit on my machines again > > > > but i never find local exploit for FreeBSD-4.1 version > > > > are there big different that 4.1 more secure for exploit ?? > > thank's > > > > >>>>>>>>>>>>>>>>>*****<<<<<<<<<<<<<<<<< > > > > riki@unila.ac.id > > visit my homepage and sign my guestbook > > http://unilanet.unila.ac.id/~qq > > --------------------------------------- > > --------------------------------------- > > & > > __& &__ > > // \\ > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message