Re: Possible exploit in FreeBSD 4.0

[The Psychotic Viper <psyv () FUZION ZA ORG>]

Hi

On Thu, 26 Oct 2000, John Herron wrote:

> I appollogize that I haven't had the proper time to test this more.
> I just wanted to make people aware of this possibility.
>
> Here's what happened:
>
> I was telnetting to my FreeBSD 4.0 box, and was going to add a java
> program to it but realized I didn't have XFree86 or anything installed
> (no GUI) and lots of other stuff wasn't installed either.  So I ran
> "/stand/sysinstall" to start installing stuff (this is a 1GB IDE HD
> btw) anyway, figuring that I could PROBABLY fit all the programs the
> CD had on it on my HD I told it to give me "all" the stuff, etc, etc.
> After 2 or so hours of installing, I finally got a HD full error so I
> had to tell it "no, don't try to get the file again", and this went on
> for a bit.  Finally the program quit with some fail error.
Just want to find out what type of install method you chose i.e. did you
only chose to install selected packages or any other method and secondly
did any of the original accounts from before the package installs still
exist in the passwd and/or shadow file. Just want some more info on the
error :)

Thanx
PsyV