Date: Fri, 25 Sep 2009 08:52:25 -0400 From: Mike Tancsa <mike@sentex.net> To: d@delphij.net Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD bug grants local root access (FreeBSD 6.x) Message-ID: <200909251248.n8PCmJPY011925@lava.sentex.ca> In-Reply-To: <4AAF5999.7020501@delphij.net> References: <4AAF45B4.60307@isafeelin.org> <4AAF5999.7020501@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 05:08 AM 9/15/2009, Xin LI wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Hi, > >Frederique Rijsdijk wrote: > > Hi, > > > > Any info on this subject on > > > > http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/ > >Currently we (secteam@) are testing the correction patch and do >peer-review on the security advisory draft, the bug was found and fixed >on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but was >not recognized as a security vulnerability at that time. The exploit >code has to be executed locally, i.e. either by an untrusted local user, >or be exploited in conjunction with some remote vulnerability on >applications that allow the attacker to inject their own code. > >We can not release further details about the problem at this time, >though, but I think we will likely to publish the advisory and >correction patch this patch Wednesday. Hi, Just wondering if there is any update on this issue ? ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909251248.n8PCmJPY011925>