Date: Thu, 06 Mar 2003 17:34:36 +0100
From: "Guy P." <guy@device.dyndns.org>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Prov. patch for the file hole ISS disclosed
Message-ID: <5.1.1.6.0.20030306172440.00a6e100@device.dyndns.org>
In-Reply-To: <20030306154138.GA33430@madman.celabo.org>
References: <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org>

At 16:41 06/03/2003, Jacques A. Vidrine wrote:
>[I guess you mean iDEFENSE. Comparing the sendmail issue and
> this file issue gives you a pretty good idea of the difference
> between ISS and iDEFENSE :-) ]
>
>On Thu, Mar 06, 2003 at 03:15:47PM +0100, Guy Poizat wrote:
> > Here is my suggestion. Feel free to comment/correct me,
> > as this is my first ever C line out of a Windows system :]
> > I tested it against RELENG_4.
>
>Thanks! However, this has already been fixed in -CURRENT (by import
>of FILE 3.41). I do not know whether or not David plans to MFC in
>time for 4.8-RELEASE.

This, IMO, would be a good idea, as probably many third-party utilities
are using the file command. For instance, I decided to fix that quickly
because I use amavis for wiping viruses out of email attachments, which
seems to be using file during its scanning process.

As the exploit looks fairly easy to build, I can nearly imagine a new
worm taking advantage of it...

My idea is not to stress you, I just wanted to be sure everybody
understands it could be a remote compromise of some sort too :]

--
Guy P.