From owner-freebsd-security Thu Jan 20 12:38:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (Postfix) with SMTP id 9F74C1522C; Thu, 20 Jan 2000 12:38:42 -0800 (PST) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 20 Jan 2000 20:38:41 +0000 (GMT) Date: Thu, 20 Jan 2000 20:38:40 +0000 From: David Malone To: Mike Tancsa Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org, security-officer@freebsd.org Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <20000120203840.A49511@walton.maths.tcd.ie> References: <3.0.5.32.20000120152818.01d7fa40@staff.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <3.0.5.32.20000120152818.01d7fa40@staff.sentex.ca>; from mike@sentex.net on Thu, Jan 20, 2000 at 03:28:18PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jan 20, 2000 at 03:28:18PM -0500, Mike Tancsa wrote: > > Can anyone confirm the bugtraq posting ? Are the freebsd folks working on > a fix ? If so, what versions are effected ? It was mentioned on freebsd-net a few days ago. Jordan said someone was working on a fix. The kernel message mentioned seems to only occur in an old sound driver: % find . -type f -print | xargs fgrep -i "list empty" ./i386/isa/sound/gustest/Attic/midithru.c,v: if (!nlen) {fprintf(stderr, "Free list empty but no notes playing\n");return;} /* No notes playing */ Which seems unlikely to be involved with the attack. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message