From owner-freebsd-security  Fri Jun 15 10:12:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13])
	by hub.freebsd.org (Postfix) with SMTP id 5DAAE37B405
	for <freebsd-security@freebsd.org>; Fri, 15 Jun 2001 10:12:22 -0700 (PDT)
	(envelope-from roam@orbitel.bg)
Received: (qmail 41270 invoked by uid 1000); 15 Jun 2001 17:10:58 -0000
Date: Fri, 15 Jun 2001 20:10:58 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: rich@rdrose.org
Cc: freebsd-security@freebsd.org
Subject: Re: FW: OpenBSD 2.9,2.8 local root compromise (fwd)
Message-ID: <20010615201058.O94445@ringworld.oblivion.bg>
Mail-Followup-To: rich@rdrose.org, freebsd-security@freebsd.org
References: <Pine.LNX.4.21.0106151804070.14714-100000@pkl.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.21.0106151804070.14714-100000@pkl.net>; from rich@rdrose.org on Fri, Jun 15, 2001 at 06:04:44PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

That 'someone' quoted this same message, and a follow-up, explaining
why someone else actually thinks 4.3 *might* be vulnerable.

G'luck,
Peter

-- 
If the meanings of 'true' and 'false' were switched, then this sentence wouldn't be false.

On Fri, Jun 15, 2001 at 06:04:44PM +0100, rich@rdrose.org wrote:
> Someone asked about 4.3 being susceptible to this attack....
>
> ---------- Forwarded message ----------
> Date: Fri, 15 Jun 2001 08:41:13 -0500
> From: Will Senn <wsenn@postfuture.com>
> To: OpenBSDTech <tech@openbsd.org>
> Subject: FW: OpenBSD 2.9,2.8 local root compromise
> 
> -----Original Message-----
> From: Przemyslaw Frasunek [mailto:venglin@freebsd.lublin.pl]
> Sent: Thursday, June 14, 2001 12:10 PM
> To: Georgi Guninski
> Cc: Bugtraq
> Subject: Re: OpenBSD 2.9,2.8 local root compromise
> 
> 
> On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> > OpenBSD 2.9,2.8
> > Have not tested on other OSes but they may be vulnerable
> 
> FreeBSD 4.3-STABLE isn't vulnerable. Looks like it's dropping set[ug]id
> privileges before allowing detach.
> 
> -- 
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message