From owner-freebsd-security Fri Jun 15 10: 4:49 2001
Date: Fri, 15 Jun 2001 18:04:44 +0100 (BST)
From: rich@rdrose.org
To: freebsd-security@freebsd.org
Subject: FW: OpenBSD 2.9,2.8 local root compromise (fwd)

Someone asked about 4.3 being susceptible to this attack....

---------- Forwarded message ----------
Date: Fri, 15 Jun 2001 08:41:13 -0500
From: Will Senn
To: OpenBSDTech
Subject: FW: OpenBSD 2.9,2.8 local root compromise

-----Original Message-----
From: Przemyslaw Frasunek [mailto:venglin@freebsd.lublin.pl]
Sent: Thursday, June 14, 2001 12:10 PM
To: Georgi Guninski
Cc: Bugtraq
Subject: Re: OpenBSD 2.9,2.8 local root compromise

On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> OpenBSD 2.9,2.8
> Have not tested on other OSes but they may be vulnerable

FreeBSD 4.3-STABLE isn't vulnerable. Looks like it's dropping set[ug]id
privileges before allowing detach.

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *