From owner-freebsd-questions@FreeBSD.ORG Wed Oct 11 00:16:33 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7606316A403; Wed, 11 Oct 2006 00:16:33 +0000 (UTC) (envelope-from wmoran@collaborativefusion.com) Received: from mx00.pub.collaborativefusion.com (mx00.pub.collaborativefusion.com [206.210.89.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id D287843D5C; Wed, 11 Oct 2006 00:16:32 +0000 (GMT) (envelope-from wmoran@collaborativefusion.com) Received: from localhost (c-71-60-174-60.hsd1.pa.comcast.net [71.60.174.60]) (AUTH: LOGIN wmoran, TLS: TLSv1/SSLv3,256bits,AES256-SHA) by wingspan with esmtp; Tue, 10 Oct 2006 20:16:31 -0400 id 00056413.452C37E0.00001831 Date: Tue, 10 Oct 2006 20:16:30 -0400 From: Bill Moran To: Colin Percival Message-Id: <20061010201630.aabaf1a4.wmoran@collaborativefusion.com> In-Reply-To: <452C25A2.6080809@freebsd.org> References: <20061010185141.ce3e7134.wmoran@collaborativefusion.com> <452C25A2.6080809@freebsd.org> Organization: Collaborative Fusion X-Mailer: Sylpheed version 2.2.7 (GTK+ 2.8.20; i386-portbld-freebsd6.1) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd security , questions@freebsd.org Subject: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Oct 2006 00:16:33 -0000 Colin Percival wrote: > Bill Moran wrote: > > This report seems pretty vague. I'm unsure as to whether the alleged > > "bug" gives the user any more permissions than he'd already have? Anyone > > know any details? > > This is a local denial of service bug, which was fixed 6 weeks ago in HEAD > and RELENG_6. There is no opportunity for either remote denial of service > or any privilege escalation. > > > VI. VENDOR RESPONSE > > > > "The policy of the FreeBSD Security Team is that local denial of service > > bugs not be treated as security issues; it is possible that this problem > > will be corrected in a future Erratum." > > If there was any potential for > (a) privilege escalation, > (b) disclosure of potentially sensitive information, or > (c) denial of service by a non-authenticated attacker, > we would have issued a security advisory. That was what I expected. Section III seems to hint that it could be used by an unprivilidged user to crash or lock a system. I suspect they used it as root to crash/lock the OS. But I don't need any bugs to do that as root, so it doesn't really count as a security issue. BTW, are you going to be at NYCBSDCon? If so, seek me out -- I owe you a beer at the least. As always, thanks for the quick response. -- Bill Moran That seem right to you? Jubal Early