From owner-freebsd-security@FreeBSD.ORG  Tue Dec  1 12:06:44 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5D101106568D
	for <freebsd-security@freebsd.org>;
	Tue,  1 Dec 2009 12:06:44 +0000 (UTC)
	(envelope-from jan.muenther@nruns.com)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.186])
	by mx1.freebsd.org (Postfix) with ESMTP id E81FB8FC08
	for <freebsd-security@freebsd.org>;
	Tue,  1 Dec 2009 12:06:43 +0000 (UTC)
Received: from carton-rouge.local (p579F8DE5.dip.t-dialin.net [87.159.141.229])
	by mrelayeu.kundenserver.de (node=mreu2) with ESMTP (Nemesis)
	id 0MWOFC-1NeJYP1Mk6-00XkmR; Tue, 01 Dec 2009 12:53:47 +0100
Message-ID: <4B1503CB.3080405@nruns.com>
Date: Tue, 01 Dec 2009 12:53:47 +0100
From: Jan Muenther <jan.muenther@nruns.com>
User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812)
MIME-Version: 1.0
To: Alex Huth <a.huth@tmr.net>
References: <200912010120.nB11Kjm9087476@freefall.freebsd.org>	<ov3Jq1IJ/c8KAXGQ501G8Os9xr8@Ll2tHa60cb+hiG8R4R8/VS21128>
	<20091201114845.359731A828F@mailv.nruns.com>
In-Reply-To: <20091201114845.359731A828F@mailv.nruns.com>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Provags-ID: V01U2FsdGVkX1/iPsESUo8h86K2Ym3YELmTeN2GVLpM6iCj/Ht
	Wim6yHvmkqLhJ1+17HQnXWMwplRbCrYO1kKKMdQANir7UVhTU5
	oh64AOSnPmjDd24K88HUCeoH6ojteZ+
Cc: freebsd-security@freebsd.org
Subject: Re: Upcoming FreeBSD Security Advisory
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2009 12:06:44 -0000

Hi,
> I am new to patching systems, so forgive "stupid" questions. We have some 6.1
> systems. Are or will there be a patch for them or are they not involved in
> this problem?
>
> I am new to patching systems, so forgive me any stupid questions. We have some
> 6.1 and 6.3 systems. Are or will there be patches fro them or are they not
> involved in this problem?
>
> How do i apply such a patch? With freebsd-update? As far as i know is this
> tool only for systems >= 6.3 or?
>   
Patches are patches for the source code, so you'll have to apply them
with the patch(1) program and then re-compile.
I'd be greatly surprised if the affected code looked different in 6.x.

The bug itself is fairly interesting actually, if only for the reason
that it displays what can happen if you don't check return values -
other prime example of this causing security issues that I can think of
off the top of my head are Windows impersonation bugs.

stealth wrote this up:
http://xorl.wordpress.com/2009/12/01/freebsd-ld_preload-security-bypass/

Maybe that sheds some light.

Cheers,
Jan