From: Bill Moran
To: questions@freebsd.org
Date: Mon, 13 Nov 2006 20:12:30 -0500
Subject: FreeBSD UFS "vulnerability": Is NIST off its medication, or am I missing something?

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5824

Following the links around, it seems that you would have to mount a "corrupt" or "malicious" filesystem in order to exploit this "vulnerability". Yes, NIST claims there is no authentication required to exploit? Are new versions of FreeBSD suddenly allowing unauthenticated users to mount filesystems by default? If so, something's wrong with my 6.1 workstation!

It seems like this is the 2nd or 3rd "vulnerability" I've seen that's been blown out of proportion by NIST, or am I missing something?