Date: Fri, 31 Oct 1997 20:42:48 +0100 From: j@uriah.heep.sax.de (J Wunsch) To: xforce@iss.net (X-Force) Cc: freebsd-bugs@FreeBSD.ORG Subject: Re: FreeBSD open() Vulnerability Message-ID: <19971031204248.VR10481@uriah.heep.sax.de> In-Reply-To: <Pine.LNX.3.95.971031092524.13604A-100000@arden.iss.net>; from X-Force on Oct 31, 1997 09:26:56 -0500 References: <Pine.LNX.3.95.971031092524.13604A-100000@arden.iss.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--H7W16=UdOxVlW8ac As X-Force wrote: > Here is a preview of our ISS Summary that is going out on November 5, > 1997. This is for you to review for any possible additions or corrections > as well as make you aware of this Summary before it goes to our clients > and the public. > A problem exists in in the way that FreeBSD's open() system call obtains > the right to execute io instructions. This problem has been corrected in > versions of FreeBSD-stable as of 10/23/97 and FreeBSD-current as of > 10/24/97. The actual problem in FreeBSD-current has already been plugged by 1997/04/14 (revision 1.42 of src/sys/i386/i386/mem.c introduced the check for superuser privileges in order to obtain IOPL rights). So while the open() bug was fixed on 1997/10/24 (please don't use the US-centric date notation, it's often ambiguous), no serious problem is known for this bug other than the /dev/io exploit already fixed before. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-) --H7W16=UdOxVlW8ac Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBNFo0t3W7bjh2o/exAQF4oQP/X2sp4CDe4E0NzPby1rkew8t0Gh1WxuZl v3zCJmine7MBLYKjjk8By5CIf5thSlFS1koGyGZ89mbi2WGrJwZB4gkb2dLri+8f eHWvbq5xO+rG2K2XuPmYZn8+D68nkHvips07OJdyqX6Es0w0fyMu7JU+Z99jvXjQ 61qtZpoSkzY= =7VY6 -----END PGP SIGNATURE----- --H7W16=UdOxVlW8ac--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971031204248.VR10481>