Re: Possible Security Vulnerability

From: Will Andrews (TrimYourCc@physics.purdue.edu)
Date: 02/25/01


Date: Sun, 25 Feb 2001 16:36:36 -0500
From: Will Andrews <TrimYourCc@physics.purdue.edu>
To: Jonathan Slivko <js43064n@pace.edu>



[ moved to -stable ]

On Sun, Feb 25, 2001 at 04:32:04PM -0500, Jonathan Slivko wrote:
> I have been testing the security on my machine (FreeBSD 4.2-STABLE) and
> I noticed a bug that could potentially reboot a box from any type of user,
> root or regular user. What I did was I just gave the box a whole bunch of w
> commands like w;w;w;w;w, etc. and just let that run. A few seconds later,
> the box coredumped and rebooted. I got this to occur several times in a row.
> Is this some kind of known vulnerability or is this just something that will
> have to be investigated further? If interested in more details, please feel
> free to e-mail me. Thanks.

That's not a security vulnerability (ie defined as something which gives
an attacker elevated privileges), that's a bug. Nevertheless, I can't
reproduce it.. possibly because you've given next to nothing as far as
details go.

-- 
wca

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Relevant Pages

  • Re: reporter on deadline seeks comment about reported security bug in FreeBSD
    ... Then the security team will make sure to fix the bug for all ... security information web pages at. ... Your work will only improve FreeBSD and I would like to thank you kindly for ...
    (freebsd-questions)
  • Re: local exploit
    ... :i wanna ask about Security of FreeBSD 3.4 and 4.x ... :on FreeBSD-3.4 there are local exploit that hack chpass ... So the answer is that by the time FreeBSD-4.1, this bug was ...
    (FreeBSD-Security)
  • Re: reporter on deadline seeks comment about reported security bug in FreeBSD
    ... Then the security team will make sure to fix the bug for all ... affected releases of FreeBSD, release a patch with the fix, issue an ... security information web pages at. ...
    (freebsd-questions)
  • Risks Digest 27.76
    ... UMD security breach exposes personal info of students, faculty, staff ... Gox Shakes Bitcoin World - NYTimes.com ... On the Suspicious Timing of iOS's SSL Vulnerability (John Gruber via ... Subject: iPhone's Critical Security Bug: a Single Bad `Goto' ...
    (comp.risks)
  • RE: PAWS security vulnerability
    ... FreeBSD security list" isn't grammatically correct. ... "I told you to post the patch and info to the appropriate FreeBSD security ... "...This point and others are often discussed on the mailing lists, ...
    (freebsd-questions)