From owner-freebsd-security  Thu Mar  9 23: 8:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6F06F37B8BB; Thu,  9 Mar 2000 23:08:13 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA70693;
	Fri, 10 Mar 2000 00:08:11 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA14345; Fri, 10 Mar 2000 00:07:51 -0700 (MST)
Message-Id: <200003100707.AAA14345@harmony.village.org>
To: Kris Kennaway <kris@hub.freebsd.org>
Subject: Re: dump buffer overflow (fwd) 
Cc: security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 08 Mar 2000 14:42:54 PST."
		<Pine.BSF.4.21.0003081441110.1655-100000@hub.freebsd.org> 
References: <Pine.BSF.4.21.0003081441110.1655-100000@hub.freebsd.org>  
Date: Fri, 10 Mar 2000 00:07:51 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.21.0003081441110.1655-100000@hub.freebsd.org> Kris Kennaway writes:
: If anyone was wondering about this, Warner fixed it more than 3 months ago
: after the hole was found by the freebsd auditing project, and so 3.4-REL
: is not vulnerable. It would be nice for people at least to state which
: version they tested when making blanket claims of insecurity :-(

He didn't reply to me when I sent mail to him.

In fact, I think this is where they found out about it.  We fixed it,
people noticed.  They looked at Linux, found the problem, yelled it to 
the world.  Someone pulled in an old version of FreeBSD and thought
FreeBSD was vulnerable....

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message