From owner-freebsd-security@FreeBSD.ORG Mon Sep 28 19:22:57 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DE4221065693 for ; Mon, 28 Sep 2009 19:22:57 +0000 (UTC) (envelope-from simon@nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.freebsd.org (Postfix) with ESMTP id 9B6958FC0C for ; Mon, 28 Sep 2009 19:22:57 +0000 (UTC) Received: from arthur.nitro.dk (arthur.bofh [192.168.2.3]) by mx.nitro.dk (Postfix) with ESMTP id E2CB92D489B; Mon, 28 Sep 2009 19:22:56 +0000 (UTC) Received: by arthur.nitro.dk (Postfix, from userid 1000) id CF6995C17; Mon, 28 Sep 2009 21:22:56 +0200 (CEST) Date: Mon, 28 Sep 2009 21:22:56 +0200 From: "Simon L. Nielsen" To: Mike Tancsa Message-ID: <20090928192256.GC2111@arthur.nitro.dk> References: <4AAF45B4.60307@isafeelin.org> <4AAF5999.7020501@delphij.net> <200909251248.n8PCmJPY011925@lava.sentex.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200909251248.n8PCmJPY011925@lava.sentex.ca> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: freebsd-security@freebsd.org, d@delphij.net Subject: Re: FreeBSD bug grants local root access (FreeBSD 6.x) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Sep 2009 19:22:57 -0000 On 2009.09.25 08:52:25 -0400, Mike Tancsa wrote: > At 05:08 AM 9/15/2009, Xin LI wrote: > >Frederique Rijsdijk wrote: > > > Hi, > > > > > > Any info on this subject on > > > > > > http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/ > > > >Currently we (secteam@) are testing the correction patch and do > >peer-review on the security advisory draft, the bug was found and fixed > >on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but was > >not recognized as a security vulnerability at that time. The exploit > >code has to be executed locally, i.e. either by an untrusted local user, > >or be exploited in conjunction with some remote vulnerability on > >applications that allow the attacker to inject their own code. > > > >We can not release further details about the problem at this time, > >though, but I think we will likely to publish the advisory and > >correction patch this patch Wednesday. > > Just wondering if there is any update on this issue ? It turned out more difficult to fix than expected and we (secteam) didn't handle that as well as we should have, but I think we are almost there so the advisory should be out soon - sometime this week at the latest. Sorry about the delay - this should have been fixed by now. -- Simon L. Nielsen FreeBSD Deputy Security Officer