From eugen@grosbein.net Wed Feb 14 09:43:19 2024 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TZYD6180Cz595ky for ; Wed, 14 Feb 2024 09:43:34 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TZYD52R61z4GjR for ; Wed, 14 Feb 2024 09:43:33 +0000 (UTC) (envelope-from eugen@grosbein.net) Authentication-Results: mx1.freebsd.org; none Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.17.1/8.17.1) with ESMTPS id 41E9hNZJ041702 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Wed, 14 Feb 2024 09:43:23 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: ml@netfence.it Received: from [10.58.0.10] (dadvw [10.58.0.10]) by eg.sd.rdtc.ru (8.17.1/8.17.1) with ESMTPS id 41E9hLpi092516 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Wed, 14 Feb 2024 16:43:21 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-24:02.tty To: Andrea Venturoli , freebsd-security@freebsd.org References: <20240214070711.3259126676@freefall.freebsd.org> <40f75ef7-78d6-481e-967f-c5f258830596@netfence.it> From: Eugene Grosbein Message-ID: Date: Wed, 14 Feb 2024 16:43:19 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 In-Reply-To: <40f75ef7-78d6-481e-967f-c5f258830596@netfence.it> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT autolearn=disabled version=3.4.6 X-Spam-Report: * -0.0 SHORTCIRCUIT No description available. * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on hz.grosbein.net X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/32, country:DE] X-Rspamd-Queue-Id: 4TZYD52R61z4GjR X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated 14.02.2024 15:55, Andrea Venturoli wrote: > On 2/14/24 08:07, FreeBSD Security Advisories wrote: >> ============================================================================= >> FreeBSD-SA-24:02.tty Security Advisory >> The FreeBSD Project >> >> Topic: jail(2) information leak >> >> Category: core >> Module: jail >> Announced: 2024-02-14 >> Credits: Pawel Jakub Dawidek >> Affects: All supported versions of FreeBSD. >> Corrected: 2024-02-12 16:25:54 UTC (stable/14, 14.0-STABLE) >> 2024-02-14 06:05:46 UTC (releng/14.0, 14.0-RELEASE-p5) >> 2024-02-12 16:27:37 UTC (stable/13, 13.2-STABLE) >> 2024-02-14 06:06:01 UTC (releng/13.2, 13.2-RELEASE-p10) >> CVE Name: CVE-2024-25941 > > Hello. > > Sorry for my dumbness, but I fail to understand the severity of this problem. > Is it like drop-everything-and-patch-yesterday or take-it-easy-and-do-it-when-you-can? Low impact unless some other vulnerabilities used. > How could the extracted info (tty list) be used? Like other information leaks, to leverage complex combined attacks.