Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 22 May 2000 21:44:21 -0600
From:      Warner Losh <imp@village.org>
To:        Fernando Schapachnik <fpscha@via-net-works.net.ar>
Cc:        cjclark@home.com, freebsd-security@FreeBSD.ORG
Subject:   Re: The procfs Hole in 2.2.8-STABLE? 
Message-ID:  <200005230344.VAA99816@harmony.village.org>
In-Reply-To: Your message of "Mon, 22 May 2000 22:26:15 -0300." <200005230126.WAA02250@ns1.via-net-works.net.ar> 
References:  <200005230126.WAA02250@ns1.via-net-works.net.ar>  

next in thread | previous in thread | raw e-mail | index | archive | help
In message <200005230126.WAA02250@ns1.via-net-works.net.ar> Fernando Schapachnik writes:
: En un mensaje anterior, Warner Losh escribió:
: > We stopped committing to make backports to 2.x when FreeBSD 3.2 was
: > released, or about this time last year.  Anything that happened after
: > that may or may not hav emade it back to 2.2.8.  Also, some of them
: > weren't noteworthy at the time, so no advisory was issued (I had the
: > advisory setting too high).  Some exploits have surfaced against old
: > versions of FreeBSD.  There's no central collection of these
: > documented anywhere.  I wish I had a better answer for you than this.
: 
: Any of them is a remote exploit? Have an URL?

I don't think so.  However, I can't say for sure.  It has been a while
since I've been focused on 2.x enough to know that all holes have been
fixed.  I just don't have the information that you want.

Generally speaking, if the advisory doesn't mention the version of
freebsd you are interested in, then the bug is likely still in that
version.  Also, there have been several DoS bugs that people have
written exploits for after bugs were corrected in FreeBSD.  Not all of
these have had advisories since some of them have come along months or
years after the bug fix.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005230344.VAA99816>