From owner-freebsd-security  Sun Sep  5 19:41:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 51C0C1580D
	for <freebsd-security@FreeBSD.ORG>; Sun,  5 Sep 1999 19:41:23 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA33096;
	Sun, 5 Sep 1999 20:40:44 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA01554; Sun, 5 Sep 1999 20:39:49 -0600 (MDT)
Message-Id: <199909060239.UAA01554@harmony.village.org>
To: Mohacsi Janos <mohacsi@ik.bme.hu>
Subject: Re: amd buffer overflow some Linuxes, in FreeBSD too? 
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 02 Sep 1999 10:36:49 +0200."
		<Pine.OSF.4.10.9909021016460.12830-100000@hera.ik.bme.hu> 
References: <Pine.OSF.4.10.9909021016460.12830-100000@hera.ik.bme.hu>  
Date: Sun, 05 Sep 1999 20:39:49 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.OSF.4.10.9909021016460.12830-100000@hera.ik.bme.hu> Mohacsi Janos writes:
: Hi,
: 	There are some reports that amd is vulnerable to stack overflow
: remote root exploit attack in some Linux distribution.
: http://linuxtoday.com/stories/9440.html
: 	Can somebody check whether the FreeBSD version also vulnerable? As
: I see on the amd-dev list the amq -M code is the origin of the remote root
: exploit.

Fixes have been committed for this to FreeBSD -current, 3.2-stable and
2.2.8-stable.  Advisory is in the works.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message