From owner-freebsd-security@FreeBSD.ORG Tue Sep 15 09:08:53 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 525F71065672 for ; Tue, 15 Sep 2009 09:08:53 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.delphij.net (delphij-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:2c9::2]) by mx1.freebsd.org (Postfix) with ESMTP id EBAE78FC20 for ; Tue, 15 Sep 2009 09:08:52 +0000 (UTC) Received: from tarsier.geekcn.org (tarsier.geekcn.org [211.166.10.233]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by tarsier.delphij.net (Postfix) with ESMTPS id A7D855C06F for ; Tue, 15 Sep 2009 17:08:51 +0800 (CST) Received: from localhost (tarsier.geekcn.org [211.166.10.233]) by tarsier.geekcn.org (Postfix) with ESMTP id 73BDE55CE028; Tue, 15 Sep 2009 17:08:51 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([211.166.10.233]) by localhost (mail.geekcn.org [211.166.10.233]) (amavisd-new, port 10024) with ESMTP id ey2D4tBpeyhM; Tue, 15 Sep 2009 17:08:45 +0800 (CST) Received: from charlie.delphij.net (c-69-181-136-105.hsd1.ca.comcast.net [69.181.136.105]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTPSA id 8C51055CE019; Tue, 15 Sep 2009 17:08:44 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:reply-to:organization:user-agent: mime-version:to:cc:subject:references:in-reply-to: x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=dPvbNQh7rVue5CLJJ2gtl/vqFyCBPydEJLdMdFy6oOT18gMg4VgLJwStU4rROhfhv pHBBsNW5c+Y+vRzbzAlfg== Message-ID: <4AAF5999.7020501@delphij.net> Date: Tue, 15 Sep 2009 02:08:41 -0700 From: Xin LI Organization: The FreeBSD Project User-Agent: Thunderbird 2.0.0.22 (X11/20090803) MIME-Version: 1.0 To: Frederique Rijsdijk References: <4AAF45B4.60307@isafeelin.org> In-Reply-To: <4AAF45B4.60307@isafeelin.org> X-Enigmail-Version: 0.96.0 OpenPGP: id=18EDEBA0; url=http://www.delphij.net/delphij.asc Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD bug grants local root access (FreeBSD 6.x) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2009 09:08:53 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Frederique Rijsdijk wrote: > Hi, > > Any info on this subject on > > http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/ Currently we (secteam@) are testing the correction patch and do peer-review on the security advisory draft, the bug was found and fixed on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but was not recognized as a security vulnerability at that time. The exploit code has to be executed locally, i.e. either by an untrusted local user, or be exploited in conjunction with some remote vulnerability on applications that allow the attacker to inject their own code. We can not release further details about the problem at this time, though, but I think we will likely to publish the advisory and correction patch this patch Wednesday. Cheers, - -- Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (FreeBSD) iEYEARECAAYFAkqvWZgACgkQi+vbBBjt66DAwACdHwj+VB8Ak0oRwhiH7X16+2Wl nU0An2bMd4Y40DqCUJI+DEmNmozmm7fz =+LtQ -----END PGP SIGNATURE-----