Date:      Tue, 15 Sep 2009 02:08:41 -0700
From:      Xin LI <delphij@delphij.net>
To:        Frederique Rijsdijk <frederique@isafeelin.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD bug grants local root access (FreeBSD 6.x)
Message-ID:  <4AAF5999.7020501@delphij.net>
In-Reply-To: <4AAF45B4.60307@isafeelin.org>
References:  <4AAF45B4.60307@isafeelin.org>

Hi,

Frederique Rijsdijk wrote:
> Hi,
> 
> Any info on this subject on
> 
> http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/

Currently we (secteam@) are testing the correction patch and doing
peer review on the security advisory draft. The bug was found and fixed
on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but was
not recognized as a security vulnerability at that time.  The exploit
code has to be executed locally, i.e. either by an untrusted local user,
or be exploited in conjunction with some remote vulnerability on
applications that allow the attacker to inject their own code.

We cannot release further details about the problem at this time,
though, but I think we will likely publish the advisory and
correction patch this Wednesday.

Cheers,
- --
Xin LI <delphij@delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!