Date:      Fri, 24 Nov 2006 22:24:12 +0100
From:      Lutz Boehne <lboehne@damogran.de>
To:        freebsd-security@freebsd.org
Subject:   Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
Message-ID:  <456762FC.90108@damogran.de>
In-Reply-To: <20061124160356.2c215381.wmoran@collaborativefusion.com>
References:  <45656A3B.6000000@zedat.fu-berlin.de>	<20061123213656.GA26275@walton.maths.tcd.ie>	<200611231742.01418.josh@tcbug.org> <4567504E.6040601@damogran.de>	<20061124151543.03f06b19.wmoran@collaborativefusion.com>	<20061124204111.GA3431@owl.midgard.homeip.net> <20061124160356.2c215381.wmoran@collaborativefusion.com>


[It's just a panic]
I was so transfixed on Josh stating that the attacker could as well just
mount a filesystem with suid root binaries and how that would be more
useful than a buffer overflow in the filesystem driver. I totally missed
the fact that we were talking about two bugs where the kernel
deliberately called panic() ;).

So in this case I'd agree that the panic() is undesirable, but not
really a security issue.

Lutz


