Bugtraq mailing list archives
Re: FreeBSD 3.3's seyon vulnerability
From: billf () CHC-CHIMES COM (Bill Fumerola)
Date: Tue, 9 Nov 1999 11:57:30 -0500
On Mon, 8 Nov 1999, Brock Tellier wrote:
> In preparing for this advisory release, I checked for "seyon" vulnerabilities in the bugtraq archives. I found that the exploit I had developed had already been discussed in May 1997. However, this does not change the fact that the current version of FreeBSD still ships a vulnerable version with vulnerable privs. I believe this is still worth noting. Here is my advisory as it was to be published before the previous vulnerability came to light.
<not speaking on behalf of FreeBSD>

It would be nice if you:
(a) filed a pr using send-pr(1) or the web interface or
(b) contacted security-officer () FreeBSD org or
(c) sent mail to the maintainer of the port

to provide some sort of fighting chance before mailing Bugtraq.

I'm a huge bugtraq/full-disclosure advocate, but I also believe in giving a group a fighting chance to fix it first.

Thanks,

--
- bill fumerola - billf () chc-chimes com - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - bfumerol () computerhorizons com - billf () FreeBSD org -