From owner-freebsd-security@FreeBSD.ORG Mon Jul 20 17:38:17 2009
From: Oliver Pinter
To: freebsd-security@freebsd.org
Cc: FreeBSD Security Officer
Date: Mon, 20 Jul 2009 19:08:58 +0200
Subject: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit 23 R D Shaun Colley
X-BeenThere: freebsd-security@freebsd.org
List-Id: "Security issues [members-only posting]"

http://milw0rm.com/exploits/9206

From owner-freebsd-security@FreeBSD.ORG Tue Jul 21 15:58:07 2009
From: Dag-Erling Smørgrav
To: Oliver Pinter
Cc: freebsd-security@freebsd.org, FreeBSD Security Officer
Date: Tue, 21 Jul 2009 17:39:25 +0200
Subject: Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit 23 R D Shaun Colley

Oliver Pinter writes:
> http://milw0rm.com/exploits/9206

Standard procedure is to contact so@freebsd.org directly rather than
post an exploit on a public, archived mailing list.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Tue Jul 21 18:22:36 2009
From: "Jason V. Miller"
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, FreeBSD Security Officer, Oliver Pinter
Date: Tue, 21 Jul 2009 12:04:13 -0600
Subject: Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit 23 R D Shaun Colley

On Tue, Jul 21, 2009 at 05:39:25PM +0200, Dag-Erling Smørgrav wrote:
> Oliver Pinter writes:
> > http://milw0rm.com/exploits/9206
>
> Standard procedure is to contact so@freebsd.org directly rather than
> post an exploit on a public, archived mailing list.

To be fair, he didn't post a new exploit to the list, but instead a link to
an already-public exploit.

J.

--
Jason V. Miller

From owner-freebsd-security@FreeBSD.ORG Tue Jul 21 18:58:23 2009
From: Oliver Pinter
To: "Jason V. Miller", "Dag-Erling Smørgrav"
Cc: freebsd-security@freebsd.org, FreeBSD Security Officer
Date: Tue, 21 Jul 2009 20:58:21 +0200
Subject: Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit 23 R D Shaun Colley

Hi all!

Yeah, I found the exploit on milw0rm on Jul 20, 2009, and sent this
mail; before that I had never read anything from so@freebsd.org... and from
this mail (I think security officer), so then add cperciva to CC.

btw:

oliver@oliverp src> git grep "so@freebsd.org"
sys/dev/usb/ubser.c: * Copyright (c) 2004 Ber{}ter
sys/dev/usb/ubser.h: * Copyright (c) 2003 Ber{}ter

This git tree is the full freebsd tree, imported to git, and no
information from this mail address.

On 7/21/09, Jason V. Miller wrote:
> On Tue, Jul 21, 2009 at 05:39:25PM +0200, Dag-Erling Smørgrav wrote:
>> Oliver Pinter writes:
>> > http://milw0rm.com/exploits/9206
>>
>> Standard procedure is to contact so@freebsd.org directly rather than
>> post an exploit on a public, archived mailing list.
>
> To be fair, he didn't post a new exploit to the list, but instead a link to
> an already-public exploit.
>
> J.
>
> --
> Jason V. Miller
>

From owner-freebsd-security@FreeBSD.ORG Tue Jul 21 20:10:32 2009
From: Dag-Erling Smørgrav
To: Oliver Pinter
Cc: freebsd-security@freebsd.org, FreeBSD Security Officer
Date: Tue, 21 Jul 2009 22:10:31 +0200
Subject: Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit 23 R D Shaun Colley

Oliver Pinter writes:
> Yeah, I found the exploit on milw0rm on Jul 20, 2009, and sent this
> mail; before that I had never read anything from so@freebsd.org...

http://www.freebsd.org/security

so@ is an alias for security-officer@.

DES
--
Dag-Erling Smørgrav - des@des.no