From owner-freebsd-security@FreeBSD.ORG Thu Mar 15 12:11:28 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8C02716A401 for ; Thu, 15 Mar 2007 12:11:28 +0000 (UTC) (envelope-from info@plot.uz) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.251]) by mx1.freebsd.org (Postfix) with ESMTP id 435FB13C469 for ; Thu, 15 Mar 2007 12:11:28 +0000 (UTC) (envelope-from info@plot.uz) Received: by an-out-0708.google.com with SMTP id c24so127389ana for ; Thu, 15 Mar 2007 05:11:27 -0700 (PDT) Received: by 10.100.45.10 with SMTP id s10mr329156ans.1173960687444; Thu, 15 Mar 2007 05:11:27 -0700 (PDT) Received: from plot.uz ( [83.221.182.63]) by mx.google.com with ESMTP id c29sm1017445anc.2007.03.15.05.11.26; Thu, 15 Mar 2007 05:11:27 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham version=3.1.7 X-Spam-Report: Received: from localhost by plot.uz (MDaemon PRO v9.5.5) with DomainPOP id md50000000598.msg for ; Thu, 15 Mar 2007 17:11:09 +0500 Delivered-To: info@plot.uz Received: by 10.100.92.15 with SMTP id p15cs247063anb; Thu, 15 Mar 2007 05:10:53 -0700 (PDT) Received: by 10.100.121.12 with SMTP id t12mr336752anc.1173960653185; Thu, 15 Mar 2007 05:10:53 -0700 (PDT) Received: from pobox.codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by mx.google.com with ESMTP id a1si2286469ugf.2007.03.15.05.10.50; Thu, 15 Mar 2007 05:10:53 -0700 (PDT) Received-SPF: pass (google.com: domain of rea-fbsd@codelabs.ru designates 144.206.177.45 as permitted sender) Received: from codelabs.ru (pobox.codelabs.ru [144.206.177.45]) by pobox.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1HRon9-00030E-KN; Thu, 15 Mar 2007 15:10:47 +0300 Date: Thu, 15 Mar 2007 15:10:43 +0300 To: Robert Watson Message-ID: <20070315121042.GB97072@codelabs.ru> References: <20070314074510.GH99047@codelabs.ru> <20070315120009.A60010@fledge.watson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20070315120009.A60010@fledge.watson.org> X-Return-Path: rea-fbsd@codelabs.ru X-Envelope-From: rea-fbsd@codelabs.ru X-MDaemon-Deliver-To: freebsd-security@freebsd.org X-Spam-Processed: plot.uz, Thu, 15 Mar 2007 17:11:10 +0500 From: Eygene Ryabinkin X-Mailman-Approved-At: Thu, 15 Mar 2007 12:21:25 +0000 Cc: freebsd-security@freebsd.org Subject: Re: OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2007 12:11:28 -0000 Robert, good day. > Sorry for the delayed response on this -- I've only just returned from Tokyo in > the last day and am significantly behind in e-mail from the trip. > > According to a source analysis by Jinmei, we are not vulnerable, but I will > continue tracking the thread. Apparently this vulnerability involved an issue > in the handling of M_EXT, and our implementation of clusters differs > significantly from OpenBSD, so it seems likely we are not affected. OK, thanks for the analysis and sorry for the noise. > If we > discover any information to the contrary, you can be sure that we will get it > fixed and release an advisory! Very good, thank you. -- Eygene