Date:      Mon, 28 Sep 2009 21:22:56 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Mike Tancsa <mike@sentex.net>
Cc:        freebsd-security@freebsd.org, d@delphij.net
Subject:   Re: FreeBSD bug grants local root access (FreeBSD 6.x)
Message-ID:  <20090928192256.GC2111@arthur.nitro.dk>
In-Reply-To: <200909251248.n8PCmJPY011925@lava.sentex.ca>
References:  <4AAF45B4.60307@isafeelin.org> <4AAF5999.7020501@delphij.net> <200909251248.n8PCmJPY011925@lava.sentex.ca>

On 2009.09.25 08:52:25 -0400, Mike Tancsa wrote:
> At 05:08 AM 9/15/2009, Xin LI wrote:
> >Frederique Rijsdijk wrote:
> > > Hi,
> > >
> > > Any info on this subject on
> > >
> > > http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/
> >
> >Currently we (secteam@) are testing the correction patch and do
> >peer-review on the security advisory draft, the bug was found and fixed
> >on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but was
> >not recognized as a security vulnerability at that time.  The exploit
> >code has to be executed locally, i.e. either by an untrusted local user,
> >or be exploited in conjunction with some remote vulnerability on
> >applications that allow the attacker to inject their own code.
> >
> >We can not release further details about the problem at this time,
> >though, but I think we will likely publish the advisory and
> >correction patch this patch Wednesday.
> 
>          Just wondering if there is any update on this issue ?

It turned out more difficult to fix than expected and we (secteam)
didn't handle that as well as we should have, but I think we are
almost there so the advisory should be out soon - sometime this week
at the latest.

Sorry about the delay - this should have been fixed by now.

-- 
Simon L. Nielsen
FreeBSD Deputy Security Officer
