From owner-freebsd-security Fri Aug 27 14:48:12 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 1F4C4155D1 for ; Fri, 27 Aug 1999 14:47:38 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id PAA90905; Fri, 27 Aug 1999 15:47:23 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id PAA76221; Fri, 27 Aug 1999 15:48:52 -0600 (MDT) Message-Id: <199908272148.PAA76221@harmony.village.org> To: "Sean O'Connell" Subject: Re: Chflags vulnerability in FreeBSD? Cc: FreeBSD security In-reply-to: Your message of "Fri, 27 Aug 1999 10:08:07 EDT." <19990827100807.P28256@stat.Duke.EDU> References: <19990827100807.P28256@stat.Duke.EDU> Date: Fri, 27 Aug 1999 15:48:52 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <19990827100807.P28256@stat.Duke.EDU> "Sean O'Connell" writes: : I received the following from SANS (www.sans.org) and it initimated : that there is a vulnerability in FreeBSD that had previously been : thought to only exist in BSDi: Been there, fixed that. I'm waiting to get my account on ftp.cdrom.com to issue the advisory. I'd post a copy of it, but that would cause more problems that it will solve. SANS has been notified. They didn't read enough bugtraq before putting that message out, since a couple of messages subsequently in the thread set the record state. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message