Date: Wed, 4 Oct 2000 12:16:02 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: security@freebsd.org Subject: Re: OpenBSD Security Advisory (fwd) Message-ID: <Pine.BSF.4.21.0010041215240.89315-100000@achilles.silby.com>
next in thread | raw e-mail | index | archive | help
Are we patched? Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Wed, 4 Oct 2000 00:31:03 -0700 From: K2 <ktwo@KTWO.CA> To: BUGTRAQ@SECURITYFOCUS.COM Subject: Re: OpenBSD Security Advisory Hi, Here is another exploit for an application (fstat) that OpenBSD's format string audit has seemingly forgotten about. What I would like to know is why this and a number of other privileged applications have security vulnerabilities in them. They WERE fixed, but NO ADVISORY nor ANY MENTION IN THEIR DAILY CHANGLOG! How can the impact of the vulnerability not be realized when they occur in something as privileged as that would be using pw_error()? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010041215240.89315-100000>