Date: Fri, 07 Feb 1997 09:02:30 -0800
From: Craig Shaver <craig@progroup.com>
To: Pbl <fritz!pbl@dorotech.fr>
Cc: questions@freebsd.org
Subject: Re: Headache about Release
Message-ID: <32FB6026.52BFA1D7@progroup.com>
References: <32FB3E4C.2781E494@dorotech.fr>

Pbl wrote:
>
> First, sorry for my incorrect English.
>
> Yesterday morning, I was happy :). I bought my 2.1.6 Walnut Creek cdrom (there
> is some delay between France and the U.S.) and plan to upgrade my system.
>
> Yesterday evening, I was sad :(. I have read from questions mailing list that
> due to some security problems 2.1.6 will be replaced by 2.1.7.
>
> What sort of problems (kernel, TCP/IP, commands) ??
>

From what I know, I believe you will be vulnerable if you are connected
to the internet and allow logins of untrusted users. There is a bug in
the setlocale() code used in crt0.o, which is compiled into all
executables, that can be used to core dump a setuid program and gain
root access.

It sounds like you have some control over your users, and they can be
trusted. Make sure they are using good passwords; run crack.

--
Craig Shaver (craig@progroup.com) (415)390-0654
Productivity Group POB 60458 Sunnyvale, CA 94088