From owner-freebsd-bugs  Fri Oct 31 06:27:03 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id GAA10264
          for bugs-outgoing; Fri, 31 Oct 1997 06:27:03 -0800 (PST)
          (envelope-from owner-freebsd-bugs)
Received: from arden.iss.net (arden.iss.net [208.21.0.8])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id GAA10257
          for <freebsd-bugs@FreeBSD.ORG>; Fri, 31 Oct 1997 06:26:58 -0800 (PST)
          (envelope-from xforce@arden.iss.net)
Received: from localhost (xforce@localhost) by arden.iss.net (8.8.5/8.7.3) with SMTP id JAA13637; Fri, 31 Oct 1997 09:26:56 -0500
Date: Fri, 31 Oct 1997 09:26:56 -0500 (EST)
From: X-Force <xforce@iss.net>
Reply-To: X-Force <xforce@iss.net>
To: freebsd-bugs@FreeBSD.ORG
cc: X-Force <xforce@arden.iss.net>
Subject: FreeBSD open() Vulnerability
Message-ID: <Pine.LNX.3.95.971031092524.13604A-100000@arden.iss.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Here is a preview of our ISS Summary that is going out on November 5,
1997.  This is for you to review for any possible additions or corrections
as well as make you aware of this Summary before it goes to our clients
and the public.

Any feedback would be appreciated.

Sincerely,
X-Force <xforce@iss.net>

___

Date Reported:          10/29/97
Vulnerability:          FreeBSD-open
Affected Platforms:     FreeBSD (2.1.x, 2.2.x)
                        FreeBSD-stable
                        FreeBSD-current
Risk Factor:            High

A problem exists in in the way that FreeBSD's open() system call obtains
the right to execute io instructions.  This problem has been corrected in
versions of FreeBSD-stable as of 10/23/97 and FreeBSD-current as of
10/24/97.

Reference:
ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-97%3A05.open.asc
___