From owner-freebsd-security Thu Aug 28 07:31:19 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA00655 for security-outgoing; Thu, 28 Aug 1997 07:31:19 -0700 (PDT) Received: from clifford.inch.com (omar@clifford.inch.com [207.240.140.163]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA00649 for ; Thu, 28 Aug 1997 07:31:14 -0700 (PDT) Received: (from omar@localhost) by clifford.inch.com (8.8.5/8.8.5) id KAA28495; Thu, 28 Aug 1997 10:29:57 -0400 Message-ID: <19970828102957.48802@clifford.inch.com> Date: Thu, 28 Aug 1997 10:29:57 -0400 From: Omar Thameen To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-97:04.procfs References: <199708261803.UAA00666@gvr.gvr.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.81 In-Reply-To: <199708261803.UAA00666@gvr.gvr.org>; from FreeBSD Security Officer on Tue, Aug 26, 1997 at 08:01:00PM +0200 Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk What's the official word on whether 2.1.7 is vulnerable? I know below says that 2.1.* is, but the previous discussion indicated that it was not. I personally haven't gotten the exploit to work, but I may be doing something wrong. Omar On Tue, Aug 26, 1997 at 08:01:00PM +0200, FreeBSD Security Officer wrote: > > > ============================================================================= > FreeBSD-SA-97:04 Security Advisory > FreeBSD, Inc. > > Topic: security compromise via procfs > > Category: core > Module: procfs > Announced: 1997-08-19 > Affects: FreeBSD 2.1.*, FreeBSD 2.2.*, > FreeBSD-stable and FreeBSD-current > before 1997/08/12 suffer from this problem. > Corrected: FreeBSD-current as of 1997/08/12 > FreeBSD-stable as of 1997/08/12 > FreeBSD 2.1-stable as of 1997/08/25 > FreeBSD only: no (also other BSD systems may be affected) > > Patches: ftp://freebsd.org/pub/CERT/patches/SA-97:04/ > > ============================================================================= [...]