Date: Wed, 4 Oct 2000 12:16:02 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: security@freebsd.org Subject: Re: OpenBSD Security Advisory (fwd) Message-ID: <Pine.BSF.4.21.0010041215240.89315-100000@achilles.silby.com>
next in thread | raw e-mail | index | archive | help
Are we patched?
Mike "Silby" Silbersack
---------- Forwarded message ----------
Date: Wed, 4 Oct 2000 00:31:03 -0700
From: K2 <ktwo@KTWO.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: OpenBSD Security Advisory
Hi,
Here is another exploit for an application (fstat) that
OpenBSD's
format string audit has seemingly forgotten about. What I would like to
know is why this and a number of other privileged applications have
security vulnerabilities in them. They WERE fixed, but NO ADVISORY nor
ANY MENTION IN THEIR DAILY CHANGLOG! How can the impact of the
vulnerability not be realized when they occur in something as privileged
as that would be using pw_error()?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010041215240.89315-100000>