From owner-freebsd-security  Wed Oct  4 10:20:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 1B1FE37B503
	for <freebsd-security@FreeBSD.ORG>; Wed,  4 Oct 2000 10:20:42 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.0/8.11.0) with ESMTP id e94HKcM16309;
	Wed, 4 Oct 2000 11:20:38 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA37630; Wed, 4 Oct 2000 11:20:37 -0600 (MDT)
Message-Id: <200010041720.LAA37630@harmony.village.org>
To: Matt Heckaman <matt@ARPA.MAIL.NET>
Subject: Re: Fwd: BSD chpass 
Cc: Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Oct 2000 01:16:50 EDT."
		<Pine.BSF.4.21.0010040116090.79727-100000@epsilon.lucida.qc.ca> 
References: <Pine.BSF.4.21.0010040116090.79727-100000@epsilon.lucida.qc.ca>  
Date: Wed, 04 Oct 2000 11:20:37 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.21.0010040116090.79727-100000@epsilon.lucida.qc.ca> Matt Heckaman writes:
: I've confirmed this to work on 3.5-STABLE as of Sep 21. It did NOT work on
: my 4.1-STABLE or 4.1.1-RELEASE machines, but they could still be
: vulnerable in a method outside the scope of the posted exploit. I just
: found out about this 5 minutes and ran to turn off the suid bit :P

4.1R and 4.1.1R are known to be safe.  3.5.1-stable was patched last
night at about 0600GMT.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message