From owner-freebsd-security Thu Mar 28 7: 5:23 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 51D2737B41E for ; Thu, 28 Mar 2002 07:05:17 -0800 (PST) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id AFF5254; Thu, 28 Mar 2002 09:05:12 -0600 (CST) Received: (from nectar@localhost) by madman.nectar.cc (8.11.6/8.11.6) id g2SF5CG01864; Thu, 28 Mar 2002 09:05:12 -0600 (CST) (envelope-from nectar) Date: Thu, 28 Mar 2002 09:05:12 -0600 From: "Jacques A. Vidrine" To: David Pick Cc: Brett Glass , security@FreeBSD.ORG Subject: Re: Is FreeBSD susceptible to this vulnerability? Message-ID: <20020328150512.GC1421@madman.nectar.cc> References: <4.3.2.7.2.20020328072932.03228b20@nospam.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Mar 28, 2002 at 02:58:11PM +0000, David Pick wrote: > The FreeBSD default configuratin *is* vulnerable Did I miss something? I do not believe it is. xdm is not run by default, and the default configuration file disallows remote connections even if it is. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message