From owner-freebsd-hackers Wed Feb 19 12:54:46 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA18139 for hackers-outgoing; Wed, 19 Feb 1997 12:54:46 -0800 (PST) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA18128 for ; Wed, 19 Feb 1997 12:54:42 -0800 (PST) Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.8.5/8.8.4) with SMTP id MAA17365; Wed, 19 Feb 1997 12:51:53 -0800 (PST) Message-ID: <330B64ED.794BDF32@whistle.com> Date: Wed, 19 Feb 1997 12:49:35 -0800 From: Julian Elischer Organization: Whistle Communications X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386) MIME-Version: 1.0 To: "David E. Cross" CC: freebsd-hackers@freebsd.org Subject: Re: another victim... References: <199702191745.MAA00748@phoenix.its.rpi.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk David E. Cross wrote: > > > Running what version of FreeBSD? Did you close the holes as mentioned > > in the advisories, or were you complacent until it was too late? :-) > > I am running 2.1.6-RELEASE. The closing the holes was a combination of > complacentcy, and the fact that to fix these holes you practically have to > rebuild your entire system (it is the crt0.o/setlocale() hole). > > BTW: what is the expected release date of 2.2 and 2.1.7? > > David Cross was this breach from someone logged into the system? is it possible to breach the system from outside?