Date: Mon, 03 May 1999 17:29:20 -0600 From: Brett Glass <brett@lariat.org> To: "David G. Andersen" <danderse@cs.utah.edu> Cc: security@FreeBSD.ORG Subject: Re: Claimed remote reboot exploit: Real or bogus? Message-ID: <4.2.0.37.19990503172000.04f63ee0@localhost> In-Reply-To: <14126.11662.104650.743414@torrey.cs.utah.edu> References: <Brett Glass's message of Mon, May 3 1999 <4.2.0.37.19990503171021.04dd6630@localhost> <4.2.0.37.19990503171021.04dd6630@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
If I were Jamie, I would have had a network analyzer on the line during the "demonstration." We've held off on installing 3.1-R on our servers because we always wait for the second "production" point release of any major version before upgrading. (This policy has kept us at 2.2.8 -- plus patches -- for the time being.) We have come under fire on a few mailing lists for this, but if the exploit is for real it will vindicate our conservative practices yet again. Still, the release of 3.2-R is nigh, and we DO want to install that one. So, we'd like to see the exploit identified and squashed before 3.2-R goes out the door. --Brett At 05:14 PM 5/3/99 -0600, David G. Andersen wrote: >I've asked for a bit more information from Jamie, but that was about 3 >minutes ago, so I don't expect to hear back quite so soon. > >If his boxes are being rebooted, it's probably legitimate. Jamie's >trustworthy, and competent. > > -Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.37.19990503172000.04f63ee0>