From owner-freebsd-stable@FreeBSD.ORG Thu Nov 23 09:46:05 2006
Message-ID: <1273966.31164275417164.JavaMail.root@ly.sdf.com>
Date: Thu, 23 Nov 2006 01:50:17 -0800 (PST)
From: Tom Samplonius
To: "O. Hartmann"
In-Reply-To: <45656A3B.6000000@zedat.fu-berlin.de>
Cc: freebsd-security@FreeBSD.org, freebsd-current@FreeBSD.org, FreeBSD Stable
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
List-Id: Production branch of FreeBSD source code

----- O. Hartmann wrote:
> Is for these UFS bugs in FreeBSD since 6.1 a fix underway?
>
> See:
>
> http://projects.info-pull.com/mokb/
>
> MOKB-08-11-2006,CVE-2006-5824, MOKB-03-11-2006,CVE-2006-5679
>

Probably not. In both cases a "crafted filesystem" is mounted to trigger a crash. Garbage in, garbage out. It is hardly exploitable, since only root can mount filesystems. And only root could "craft" a bogus filesystem to crash the kernel. If you are root, "reboot" is a far faster way to crash the system.

What the MOKB people seem to leave out, is: do their "crafted filesystems" pass a "fsck -f"? If fsck says the filesystem is good, then the kernel should not crash. But I suspect that "fsck -f" would fix the filesystem. (BTW, "-f" is mandatory as I suspect that these "crafted filesystems" would have the clean flag set). If "fsck -f" fixes the filesystem, then both of these bugs are bogus.

Tom