From owner-freebsd-security Fri Jun 2 15:42:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from reddog.yi.org (ls-tc01-13.nothinbut.net [207.44.35.27]) by hub.freebsd.org (Postfix) with ESMTP id ACC9837C06C for ; Fri, 2 Jun 2000 15:42:33 -0700 (PDT) (envelope-from ai32@drexel.edu) Received: from reddog.yi.org (localhost [127.0.0.1]) by reddog.yi.org (Postfix) with SMTP id 2879257C; Fri, 2 Jun 2000 18:43:32 -0500 (EST) From: specter To: Fernando Schapachnik Subject: Re: gnapster dos(?) Date: Fri, 2 Jun 2000 18:39:45 -0500 X-Mailer: Unknown Abusive Thing Content-Type: text/plain Cc: freebsd-security@FreeBSD.ORG References: <200006021152.IAA24368@ns1.via-net-works.net.ar> In-Reply-To: <200006021152.IAA24368@ns1.via-net-works.net.ar> MIME-Version: 1.0 Message-Id: <00060218433200.01590@reddog.yi.org> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 02 Jun 2000, Fernando Schapachnik wrote: > If I'm not wrong this was published in bugtraq a while ago... > > Regards! [...] If you are referring to FreeBSD-SA-00:18, that's a different thing. The issue there was that anyone could read any file (with the UID of the person running gnapster) on the system. This is a DoS, it crashes gnapster. P.S. The vulnerability you are referring to was fixed in 1.3.9 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message