Message-ID: <4AAE95B2.5050409@sitpub.com>
Date: Mon, 14 Sep 2009 12:12:50 -0700
From: Dan Goodin
Reply-To: dgoodin@theregister.com
To: freebsd-questions@FreeBSD.org, press@FreeBSD.org, media@FreeBSD.org
Subject: reporter on deadline seeks comment about reported security bug in FreeBSD

Hello,

Dan Goodin, a reporter at technology news website The Register. Security
researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD
have a security bug. He says he notified the FreeBSD Foundation on August 29
and never got a response. We'll be writing a brief article about this.
Please let me know ASAP if someone cares to comment.

Kind regards,

Dan Goodin
415-495-5411

-------- Original Message --------
Subject: Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
Date: Sun, 13 Sep 2009 10:49:33 +0200
From: Przemyslaw Frasunek
Organization: frasunek.com
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
References: <4A9028AC.9080902@freebsd.lublin.pl>

Przemyslaw Frasunek wrote:
> FreeBSD <= 6.1 suffers from classical check/use race condition on SMP

There is yet another kqueue related vulnerability. It affects 6.x, up to
6.4-STABLE. FreeBSD security team was notified on 29th Aug, but there is no
response until now, so I won't publish any details.

Successful exploitation yields local root and allows to exit from jail. For
now, you can see demo on:

http://www.vimeo.com/6554787

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: venglin@czuby.pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV *

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/