From owner-freebsd-security Mon Dec 18 8:16:33 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 18 08:16:31 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from citusc.usc.edu (citusc.usc.edu [128.125.38.123]) by hub.freebsd.org (Postfix) with ESMTP id 3ED5A37B402 for ; Mon, 18 Dec 2000 08:16:31 -0800 (PST) Received: (from kris@localhost) by citusc.usc.edu (8.9.3/8.9.3) id IAA29606 for security@FreeBSD.org; Mon, 18 Dec 2000 08:17:49 -0800 Date: Mon, 18 Dec 2000 08:17:49 -0800 From: Kris Kennaway To: security@FreeBSD.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs Message-ID: <20001218081749.A29592@citusc.usc.edu> References: <20001218153619.071BE37B400@hub.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="PNTmBPCT7hxwcZjr" Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20001218153619.071BE37B400@hub.freebsd.org>; from security-advisories@FreeBSD.ORG on Mon, Dec 18, 2000 at 07:36:19AM -0800 Sender: kris@citusc.usc.edu Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --PNTmBPCT7hxwcZjr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Oops, apparently the /proc//ctl local root exploit applies to 3.x as well and has not yet been fixed. I'm told the patch for 4.2 listed in the advisory applies cleanly but has not been tested. Kris --PNTmBPCT7hxwcZjr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6PjitWry0BWjoQKURAorXAKCKYpvR+6rLqr0fcejjtRAQn36OmACg9L1y NBoPXDSXYNcGp+B7C5wfLfM= =KjIH -----END PGP SIGNATURE----- --PNTmBPCT7hxwcZjr-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message