Date: Thu, 14 Dec 2000 17:10:57 +0000 From: Frank van Vliet <karin@root66.org> To: freebsd-security@freebsd.org Subject: Re: Details of www.freebsd.org penetration Message-ID: <20001214171057.A43310@root66.org> In-Reply-To: <00c401c0666c$1f63cff0$9207c00a@local>; from JHowie@msn.com on Fri, Dec 15, 2000 at 07:53:32AM -0000 References: <20001214070649.A25429@citusc.usc.edu> <00c401c0666c$1f63cff0$9207c00a@local>
next in thread | previous in thread | raw e-mail | index | archive | help
--pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 15, 2000 at 07:53:32AM -0000, John Howie wrote: > Any chance you could let us know exactly what 'local root vulnerability' = was > exploited. As I recall it was originally stated that no weakness in FreeB= SD > itself had been leveraged. I appreciate that the hacker gained access to = the > system via CGI (and not a FreeBSD weakness) but once in he/she became root > through some other means. Was this vulnerability a configuration issue or > simply a known problem that had not been addressed? Allthou we normaly only use weaknesses created by the server admins itself,= =20 like cgi scripts made by them and configurations, this time local root was gained by a local root exploit which was an 'error' of freebsd itself.=20 Advisory about it was promised to be send weeks ago, it is fixed in FreeBSD= 4.2 Kris, this would be a nice timing for that advisory? Frank van Vliet alias {} Joost Pol alias nohican =09 --=20 RooT66: http://root66.student.utwente.nl PGP Public Key: http://root66.student.utwente.nl/frank.pub.pgp --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iQA/AwUBOjj/IOv9YnvRDibSEQKcUwCgtGPA5tbrbZUb3ELlejS1Au+QQToAn0qC Ba9b7llF3q9lXdahRZbIYxWd =Rsx+ -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001214171057.A43310>