Date: Thu, 26 Aug 1999 10:55:18 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: Gregory Sutter <gsutter@pobox.com> Cc: security-officer@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD (and other BSDs?) local root explot] Message-ID: <Pine.BSF.3.96.990826105324.4391F-100000@anchovy.orem.iserver.com> In-Reply-To: <19990826094910.F20512@forty-two.egroups.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 26 Aug 1999, Gregory Sutter wrote: > This claims to describe a FreeBSD root exploit, and was just posted > to BugTraq. ... and was posted to freebsd-security yesterday. ;-) > bug in fts_print function allows to overwrite any file in system, when > running /etc/security script (executed from 'daily' scripts). > > affected systems: > - freebsd (all versions) > - probably openbsd/netbsd > > fix: > - limit root's coredump size > - patch libc Tested and works on 3.2-STABLE of last week. Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990826105324.4391F-100000>