From owner-freebsd-questions@FreeBSD.ORG Tue Nov 14 07:34:42 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A75216A58C for ; Tue, 14 Nov 2006 07:34:42 +0000 (UTC) (envelope-from cperciva@freebsd.org) Received: from pd3mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CD7743D68 for ; Tue, 14 Nov 2006 07:34:32 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd3mr7so.prod.shaw.ca (pd3mr7so-qfe3.prod.shaw.ca [10.0.141.23]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0J8P00LJNMDJ6L80@l-daemon> for questions@freebsd.org; Tue, 14 Nov 2006 00:34:31 -0700 (MST) Received: from pn2ml4so.prod.shaw.ca ([10.0.121.148]) by pd3mr7so.prod.shaw.ca (Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005)) with ESMTP id <0J8P00HQLMDI8UR0@pd3mr7so.prod.shaw.ca> for questions@freebsd.org; Tue, 14 Nov 2006 00:34:31 -0700 (MST) Received: from hexahedron.daemonology.net ([24.82.18.31]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with SMTP id <0J8P00FUNMDDGF21@l-daemon> for questions@freebsd.org; Tue, 14 Nov 2006 00:34:30 -0700 (MST) Received: (qmail 827 invoked from network); Tue, 14 Nov 2006 07:34:18 +0000 Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1) by localhost with SMTP; Tue, 14 Nov 2006 07:34:18 +0000 Date: Mon, 13 Nov 2006 23:34:17 -0800 From: Colin Percival In-reply-to: <20061113201230.bbb9d35d.wmoran@collaborativefusion.com> To: Bill Moran Message-id: <45597179.1030407@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Enigmail-Version: 0.94.0.0 References: <20061113201230.bbb9d35d.wmoran@collaborativefusion.com> User-Agent: Thunderbird 1.5 (X11/20060416) Cc: questions@freebsd.org Subject: Re: FreeBSD UFS "vulnerability": Is NIST off its medication, or am I missing something? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2006 07:34:42 -0000 Bill Moran wrote: > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5824 > > Following the links around, it seems that you would have to mount a "corrupt" or > "malicious" filesystem in order to exploit this "vulnerability". > > Yes, NIST claims there is no authentication required to exploit? Are new versions > of FreeBSD suddenly allowing unauthenticated users to mount filesystems by default? > If so, something's wrong with my 6.1 workstation! > > It seems like this is the 2nd or 3rd "vulnerability" I've seen that's been blown > out of proportion by NIST, or am I missing something? CVE names are assigned, and NIST creates an entry in its database, whenever someone claims that a security problem exists; their purpose is to provide a consistent name for whatever people are talking about, not to decide what exactly constitutes a security issue (as I explained in my BSDCan'06 paper, different vendors have many different policies about what constitute security issues). In this case (and another very similar bug found by the MoKB people), the FreeBSD security team has no intention to handle the bug as a security issue; obviously this is a kernel bug and deserves to be fixed, but no more so than any other kernel bug, and in fact this bug seems far less important than most. Colin Percival