From owner-freebsd-security Wed Jun 26 18:20:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from patrocles.silby.com (d185.as9.nwbl0.wi.voyager.net [169.207.133.251]) by hub.freebsd.org (Postfix) with ESMTP id 9B2F937DAD8 for ; Wed, 26 Jun 2002 18:15:38 -0700 (PDT) Received: from patrocles.silby.com (localhost [127.0.0.1]) by patrocles.silby.com (8.12.4/8.12.4) with ESMTP id g5R1Hvcv065466; Wed, 26 Jun 2002 20:17:57 -0500 (CDT) (envelope-from silby@silby.com) Received: from localhost (silby@localhost) by patrocles.silby.com (8.12.4/8.12.4/Submit) with ESMTP id g5R1Htq7065463; Wed, 26 Jun 2002 20:17:57 -0500 (CDT) X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs Date: Wed, 26 Jun 2002 20:17:55 -0500 (CDT) From: Mike Silbersack To: Julian Elischer Cc: security@freebsd.org Subject: Re: FreeBSD vuln... In-Reply-To: Message-ID: <20020626201647.X65219-100000@patrocles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 26 Jun 2002, Julian Elischer wrote: > now we are replacing apace on their systems but does anyone know what the > memcpy bug is? > > I know that the OpenBSD exploit aparently uses memcpy but does anyone have > details on the FreeBSD exploit? > > (private mails encouraged) > > Julian The memcpy "bug" is the same on FreeBSD and OpenBSD, it's the vector that lets you get nobody access. Breaking into root would have to be through some local hole. (AFAIK) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message