From owner-freebsd-security@FreeBSD.ORG Fri Oct 2 05:28:58 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9E6CA106566B; Fri, 2 Oct 2009 05:28:58 +0000 (UTC) (envelope-from jmarneweck@gmail.com) Received: from mail-fx0-f222.google.com (mail-fx0-f222.google.com [209.85.220.222]) by mx1.freebsd.org (Postfix) with ESMTP id 083948FC0A; Fri, 2 Oct 2009 05:28:57 +0000 (UTC) Received: by fxm22 with SMTP id 22so833137fxm.36 for ; Thu, 01 Oct 2009 22:28:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=g45LdwAMxulv6+d2/3PAKiGKhs5504YYdEWhh5pTKi8=; b=nTKBostVsLD0M5zT3tgZal0buD0WFXcDolCUDyDSP7KlZv84+M2583GWeQeCFAXkgz qa9RHmffWyTALXzFyUIHazU3o4ZEvPXYnoJJ9RfsjCX290TrOWZIU1W06wUHhwP0QkvY zJmX693GdBpVtg01TLsUfbrbWUYlASXeWAev8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=i3WjRlybbWZ4NT8Hn0pdYmPQzWzLsO4wQbV8LCt0pkBXRaP6eOLN/4bhS3Ml1FP2dz 9Acn2faKJ4K+teRxrATHWwI77iljexdOXOSIlS6O434+Ql8rNRUtIaZg7/JwlzFzX0bX Bu6y99y9MoMh6bj7xRwF3RZX/hmlnxecL+yw8= MIME-Version: 1.0 Received: by 10.102.236.29 with SMTP id j29mr771015muh.68.1254459624910; Thu, 01 Oct 2009 22:00:24 -0700 (PDT) In-Reply-To: <20090928192256.GC2111@arthur.nitro.dk> References: <4AAF45B4.60307@isafeelin.org> <4AAF5999.7020501@delphij.net> <200909251248.n8PCmJPY011925@lava.sentex.ca> <20090928192256.GC2111@arthur.nitro.dk> Date: Fri, 2 Oct 2009 07:00:24 +0200 Message-ID: <4802d0520910012200p271a2d5awc5e69b9ab1235851@mail.gmail.com> From: Jacques Marneweck To: "Simon L. Nielsen" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, d@delphij.net Subject: Re: FreeBSD bug grants local root access (FreeBSD 6.x) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Oct 2009 05:28:58 -0000 Hi Simon, Is there any further feedback regarding this bug? Has anyone tested to see if this also affects FreeBSD 5.x? Regards --jm On Mon, Sep 28, 2009 at 9:22 PM, Simon L. Nielsen wrote= : > On 2009.09.25 08:52:25 -0400, Mike Tancsa wrote: >> At 05:08 AM 9/15/2009, Xin LI wrote: >> >Frederique Rijsdijk wrote: >> > > Hi, >> > > >> > > Any info on this subject on >> > > >> > > http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/ >> > >> >Currently we (secteam@) are testing the correction patch and do >> >peer-review on the security advisory draft, the bug was found and fixed >> >on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but wa= s >> >not recognized as a security vulnerability at that time. =C2=A0The expl= oit >> >code has to be executed locally, i.e. either by an untrusted local user= , >> >or be exploited in conjunction with some remote vulnerability on >> >applications that allow the attacker to inject their own code. >> > >> >We can not release further details about the problem at this time, >> >though, but I think we will likely to publish the advisory and >> >correction patch this patch Wednesday. >> >> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Just wondering if there is any update = on this issue ? > > It turned out more difficult to fix than expected and we (secteam) > didn't handle that as well as we should have, but I think we are > almost there so the advisory should be out soon - sometime this week > at the latest. > > Sorry about the delay - this should have been fixed by now. > > -- > Simon L. Nielsen > FreeBSD Deputy Security Officer --=20 Jacques Marneweck http://www.powertrip.co.za/ http://www.powertrip.co.za/blog/ http://www.ataris.co.za/ #include