Date: Sun, 12 May 2002 07:50:01 -0400 From: Chris Faulhaber <jedgar@fxp.org> To: Brett Glass <brett@forum.lariat.org> Cc: security@freebsd.org Subject: Re: DHCPD bug Message-ID: <20020512115001.GA9166@peitho.fxp.org> In-Reply-To: <200205112302.RAA15457@forum.lariat.org> References: <200205112302.RAA15457@forum.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--0F1p//8PRICkK4MW Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, May 11, 2002 at 05:02:00PM -0600, Brett Glass wrote: > There's a nasty bug in ISC's DHCPD -- a remote root hole -- that affects > the versions that have been provided as ports and packages in recent > releases. See >=20 > http://www.extremetech.com/article/0,3396,apn=3D2&s=3D1024&a=3D26709&ap= =3D1,00.asp >=20 > for a description of the problem. The version of the port that's online > has been updated to close the hole, but the package hasn't -- which means I assume you first emailed portmgr@FreeBSD.org (since they work the packages) or perhaps admins@FreeBSD.org or hub@FreeBSD.org (who maintain the various FreeBSD machines) and you received no response so you are trying to contact them using the -security list. > that users installing FreeBSD who grab the daemon via /stand/sysinstall > will find themselves vulnerable. Also, no advisory has been issued.... > One should be. >=20 As Jacques stated, a Security Notice is in the works for this and other recently-vulnerable ports/packages. --=20 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --0F1p//8PRICkK4MW Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) Comment: FreeBSD: The Power To Serve iD8DBQE83lboObaG4P6BelARAvr7AJ9A7VhflW7/1QGJdh6retFArIFDgwCgkDSY l4n9OIovwRABesKbA5GW5hg= =94Is -----END PGP SIGNATURE----- --0F1p//8PRICkK4MW-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020512115001.GA9166>