Bugtraq mailing list archives

Re: FreeBSD 3.3's seyon vulnerability

From: billf () CHC-CHIMES COM (Bill Fumerola)
Date: Tue, 9 Nov 1999 11:57:30 -0500


On Mon, 8 Nov 1999, Brock Tellier wrote:

In preparing for this advisory release, I checked for "seyon" vulnerabilities
in the bugtraq archives.  I found that the exploit I had developed had already
been discussed in May 1997.  However, this does not change the fact that the
current version of FreeBSD still ships a vulnerable version with vulnerable
privs.  I believe this is still worth noting.  Here is my advisory as it was
to be published before the previous vulnerability came to light.


<not speaking on behalf of FreeBSD>

It would be nice if you:

(a) filed a pr using send-pr(1) or the web interface
or
(b) contacted security-officer () FreeBSD org
or
(c) sent mail to the maintainer of the port

to provide some sort of fighting chance before mailing Bugtraq. I'm
a huge bugtraq/full-disclosure advocate, but I also believe in giving
a group a fighting chance to fix it first.

Thanks,

--
- bill fumerola - billf () chc-chimes com - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - bfumerol () computerhorizons com - billf () FreeBSD org  -

Current thread:

Insecure handling of NetSol maintainer passwords, (continued)
- - - Insecure handling of NetSol maintainer passwords jlewis () LEWIS ORG (Nov 08)
    - flaw in dmesg under Solaris echo8 (Nov 09)
    - Re: Insecure handling of NetSol maintainer passwords Jefferson Ogata (Nov 09)
    - Re: Insecure handling of NetSol maintainer passwords pedward () WEBCOM COM (Nov 10)
    - Re: Insecure handling of NetSol maintainer passwords Trevor Schroeder (Nov 10)
    - networksolutions CRYPT-PW salt (was: Re: Insecure handling of NetSol maintainer passwords) Jefferson Ogata (Nov 10)
    - [Cobalt] Security Advisory - cgiwrap Jeff Bilicki (Nov 09)
    - Re: MS Outlook alert : Cuartango Active Setup - Workaround Instructions Andy Helsby (Nov 09)
  - Remote DoS Attack in TransSoft's Broker Ftp Server v3.5 Vulnerability Ussr Labs (Nov 08)
  - FreeBSD 3.3's seyon vulnerability Brock Tellier (Nov 08)
    - Re: FreeBSD 3.3's seyon vulnerability Bill Fumerola (Nov 09)
  - Re: MS Outlook alert : Cuartango Active Setup Bronek Kozicki (Nov 09)
- IE4/5 "file://" buffer overflow UNYUN (Nov 08)
  - Re: IE4/5 "file://" buffer overflow Mikael Olsson (Nov 09)
  - (no subject) Ejovi Nuwere (Nov 09)
  - Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability Ussr Labs (Nov 09)
  - Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability Ussr Labs (Nov 10)
- Re: Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Chuck Phillips (Nov 07)