From owner-freebsd-security Tue Mar 11 22: 7:43 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D1FD37B401 for ; Tue, 11 Mar 2003 22:07:41 -0800 (PST) Received: from intense.net (server.intense.net [199.217.236.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 89F6A43FBD for ; Tue, 11 Mar 2003 22:07:40 -0800 (PST) (envelope-from bobber@intense.net) Received: (from root@localhost) by intense.net (8.12.8/8.12.3) id h2C68G6a095001 for freebsd-security@freebsd.org; Wed, 12 Mar 2003 00:08:16 -0600 (CST) (envelope-from bobber@intense.net) Received: from bob (209.248.134.245.nw.nuvox.net [209.248.134.245]) by intense.net (8.12.8/8.12.3av) with SMTP id h2C68DFr094991 for ; Wed, 12 Mar 2003 00:08:13 -0600 (CST) (envelope-from bobber@intense.net) Message-ID: <102a01c2e85d$6c195fc0$6c01a8c0@metropark.metropark.com> From: "Robert Herrold" To: References: <200303061415.h26EFlhD004317@device.dyndns.org> <200303061415.h26EFlhD004317@device.dyndns.org> <5.2.0.9.2.20030311113159.0386fea0@localhost> Subject: Re: Prov. patch for the file hole ISS disclosed Date: Wed, 12 Mar 2003 00:05:40 -0600 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4920.2300 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Did I get this in the middle of a thread???? This is very important to our operation (since we run Amavis), and even after viewing the archives, it appears that it is starting with this thread. Is there a a patch for this? It appears that the patch is relevant to GUI, and we dont' run Xwindows TIA Bob ----- Original Message ----- From: "Christopher Schulte" To: "Jacques A. Vidrine" ; "Guy Poizat" Cc: ; Sent: Tuesday, March 11, 2003 11:34 AM Subject: Re: Prov. patch for the file hole ISS disclosed > At 09:41 AM 3/6/2003 -0600, Jacques A. Vidrine wrote: > >Thanks! However, this has already been fixed in -CURRENT (by import > >of FILE 3.41). I do not know whether or not David plans to MFC in > >time for 4.8-RELEASE. > > I think this should be merged into the security branches, > due to possible remote exploit by third party programs that > use file, such as (at the very least) amavis. > > >Cheers, > >-- > >Jacques A. Vidrine http://www.celabo.org/ > >NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos > >jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se > > -- > Christopher Schulte > http://www.schulte.org/ > Do not un-munge my @nospam.schulte.org > email address. This address is valid. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message