From owner-freebsd-security Mon May 22 20:45:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id A664A37B854
	for ; Mon, 22 May 2000 20:45:30 -0700 (PDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id VAA08938;
	Mon, 22 May 2000 21:45:22 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
	by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA99816;
	Mon, 22 May 2000 21:44:21 -0600 (MDT)
Message-Id: <200005230344.VAA99816@harmony.village.org>
To: Fernando Schapachnik
Subject: Re: The procfs Hole in 2.2.8-STABLE?
Cc: cjclark@home.com, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Mon, 22 May 2000 22:26:15 -0300." <200005230126.WAA02250@ns1.via-net-works.net.ar>
References: <200005230126.WAA02250@ns1.via-net-works.net.ar>
Date: Mon, 22 May 2000 21:44:21 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <200005230126.WAA02250@ns1.via-net-works.net.ar> Fernando Schapachnik writes:
: In a previous message, Warner Losh wrote:
: > We stopped committing to make backports to 2.x when FreeBSD 3.2 was
: > released, or about this time last year. Anything that happened after
: > that may or may not have made it back to 2.2.8. Also, some of them
: > weren't noteworthy at the time, so no advisory was issued (I had the
: > advisory setting too high). Some exploits have surfaced against old
: > versions of FreeBSD. There's no central collection of these
: > documented anywhere. I wish I had a better answer for you than this.
:
: Any of them is a remote exploit? Have an URL?

I don't think so. However, I can't say for sure. It has been a while
since I've been focused on 2.x enough to know that all holes have been
fixed. I just don't have the information that you want.

Generally speaking, if the advisory doesn't mention the version of
FreeBSD you are interested in, then the bug is likely still in that
version.

Also, there have been several DoS bugs that people have written
exploits for after bugs were corrected in FreeBSD. Not all of these
have had advisories since some of them have come along months or years
after the bug fix.

Warner