Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 23 Nov 2006 11:11:41 +0100
From:      "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To:        Tom Samplonius <tom@samplonius.org>
Cc:        freebsd-security@FreeBSD.org, freebsd-current@FreeBSD.org, FreeBSD Stable <freebsd-stable@freebsd.org>
Subject:   Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
Message-ID:  <456573DD.2020504@zedat.fu-berlin.de>
In-Reply-To: <1273966.31164275417164.JavaMail.root@ly.sdf.com>
References:  <1273966.31164275417164.JavaMail.root@ly.sdf.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Tom Samplonius wrote:
> ----- O. Hartmann <ohartman@zedat.fu-berlin.de> wrote:
>> Is for these UFS bugs in FreeBSD since 6.1 a fix uderway?
>>
>> See:
>>
>> http://projects.info-pull.com/mokb/
>>
>> MOKB-08-11-2006,CVE-2006-5824, MOKB-03-11-2006,CVE-2006-5679
>>
> 
>   Probably not.  In both cases a "crafted filesystem" is mounted to trigger crash.  Garbage in, garbage out.
> 
>   It is hardly exploitable, since only root can mount filesystems.  And only root could "craft" a bogus filesystem to crash the kernel.  If you are root, "reboot" is a far faster way to crash the system.
> 
>   What the MOKB people seem to leave out, is:  do their "crafted filesystems" pass a "fsck -f"?  If fsck says the filesystem is good, then the kernel should not crash.  But I suspect that "fsck -f" would fix the filesystem.  (BTW, "-f" is mandatory as I suspect that these "crafted filesystems" would have the clean flag set).  If "fsck -f" fixes the filesystem, then both of these bugs are bogus.
> 
> Tom


Hello Tom.
Thanks for this information. I recently saw this in MOKB and today, I 
read about that again the the very wide spread news ticker from the 
German IT magazine c't (look at 
http://www.heise.de/newsticker/meldung/81454, but it is in German ).

 From my point of view, this self-claimed 'neutral' magazine and its 
news  can hardly vanish their Linux affinity.

Regards,
Oliver

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?456573DD.2020504>