Date: Mon, 22 May 2000 21:44:21 -0600 From: Warner Losh <imp@village.org> To: Fernando Schapachnik <fpscha@via-net-works.net.ar> Cc: cjclark@home.com, freebsd-security@FreeBSD.ORG Subject: Re: The procfs Hole in 2.2.8-STABLE? Message-ID: <200005230344.VAA99816@harmony.village.org> In-Reply-To: Your message of "Mon, 22 May 2000 22:26:15 -0300." <200005230126.WAA02250@ns1.via-net-works.net.ar> References: <200005230126.WAA02250@ns1.via-net-works.net.ar>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200005230126.WAA02250@ns1.via-net-works.net.ar> Fernando Schapachnik writes: : En un mensaje anterior, Warner Losh escribió: : > We stopped committing to make backports to 2.x when FreeBSD 3.2 was : > released, or about this time last year. Anything that happened after : > that may or may not hav emade it back to 2.2.8. Also, some of them : > weren't noteworthy at the time, so no advisory was issued (I had the : > advisory setting too high). Some exploits have surfaced against old : > versions of FreeBSD. There's no central collection of these : > documented anywhere. I wish I had a better answer for you than this. : : Any of them is a remote exploit? Have an URL? I don't think so. However, I can't say for sure. It has been a while since I've been focused on 2.x enough to know that all holes have been fixed. I just don't have the information that you want. Generally speaking, if the advisory doesn't mention the version of freebsd you are interested in, then the bug is likely still in that version. Also, there have been several DoS bugs that people have written exploits for after bugs were corrected in FreeBSD. Not all of these have had advisories since some of them have come along months or years after the bug fix. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005230344.VAA99816>