Message-ID: <456573DD.2020504@zedat.fu-berlin.de>
Date: Thu, 23 Nov 2006 11:11:41 +0100
From: "O. Hartmann"
Organization: Freie Universität Berlin
To: Tom Samplonius
Cc: freebsd-security@FreeBSD.org, freebsd-current@FreeBSD.org, FreeBSD Stable
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

Tom Samplonius wrote:
> ----- O. Hartmann wrote:
>> Is a fix underway for these UFS bugs in FreeBSD since 6.1?
>>
>> See:
>>
>> http://projects.info-pull.com/mokb/
>>
>> MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
>>
>
> Probably not. In both cases a "crafted filesystem" is mounted to trigger a crash. Garbage in, garbage out.
>
> It is hardly exploitable, since only root can mount filesystems. And only root could "craft" a bogus filesystem to crash the kernel. If you are root, "reboot" is a far faster way to crash the system.
>
> What the MOKB people seem to leave out is: do their "crafted filesystems" pass a "fsck -f"? If fsck says the filesystem is good, then the kernel should not crash. But I suspect that "fsck -f" would fix the filesystem. (BTW, "-f" is mandatory as I suspect that these "crafted filesystems" would have the clean flag set). If "fsck -f" fixes the filesystem, then both of these bugs are bogus.
>
> Tom

Hello Tom.

Thanks for this information. I recently saw this in MOKB, and today I read about it again in the very widespread news ticker from the German IT magazine c't (look at http://www.heise.de/newsticker/meldung/81454, but it is in German). From my point of view, this self-claimed 'neutral' magazine and its news can hardly vanish their Linux affinity.

Regards,
Oliver