Date: Wed, 5 Jul 2017 12:28:05 +0200
From: Damien Fleuriot <ml@my.gd>
To: Matthew Seaman <matthew@freebsd.org>, fernando.apesteguia@gmail.com
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: CVE-2017-1000364 FreeBSD exposure ?
Message-ID: <CAE63ME6QHmqakjb-Qa6V=G42Yoz1nydZj1pw2X9vbVVwQaYQxg@mail.gmail.com>
In-Reply-To: <7860b23a-66ce-1bc6-b5f6-9264057bdf23@FreeBSD.org>
References: <CAE63ME6r-t=xN=X%2BoCBrYfFruwir9djkMoheCXwbX8QR0mz8Aw@mail.gmail.com> <7860b23a-66ce-1bc6-b5f6-9264057bdf23@FreeBSD.org>

Thanks Fernando for the link, and Matthew for the clarification :)

On 5 July 2017 at 12:22, Matthew Seaman <matthew@freebsd.org> wrote:
> On 2017/07/05 10:55, Damien Fleuriot wrote:
>> I'm curious about the lack of announcement on the site in the
>> vulnerabilities section [1], about CVE-2017-1000364 [2] [3].
>>
>> Does anyone know to what extent FreeBSD is affected ?
>>
>> I'm trying to assess how critical it is that I patch our FreeBSD
>> 10-STABLE boxes at work.
>>
>> Hope a kind soul can spare 5 minutes of their precious time to shed
>> some light for me ;)
>
> The Security Team and a number of Kernel developers have examined the
> stack-clash exploit and how it would apply to FreeBSD, and have
> concluded that on FreeBSD it does not pose a vulnerability that would
> merit a security advisory. While it is possible to write an application
> to generate a stack-clash relatively simply. According to Qualys' work,
> in order to be exploitable, this requires a particular type of
> vulnerability in a setuid or setgid application where a stack-clash can
> be generated. As far as they could determine, no such combination could
> be found.
>
> Stack-clash is definitely a bug, and there is on-going work to tighten
> up the way stack and heap collisions are handled which has recently been
> committed to CURRENT and will be MFC'd to STABLE branches in the usual
> way. There may well be an Errata Notification on the currently
> supported -RELEASE branches in order to address the widespread public
> concerns. However, to the best of SecTeam's knowledge this is not a
> critical problem on FreeBSD.
>
> Of course, this does not preclude an exploit using some ported software
> -- if anyone is aware of any such exploit, please let SecTeam know as
> soon as possible.
>
> Cheers,
>
> Matthew