From: David Malone
To: "O. Hartmann"
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org, FreeBSD Stable
Date: Thu, 23 Nov 2006 21:36:56 +0000
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

On Thu, Nov 23, 2006 at 10:30:35AM +0100, O. Hartmann wrote:
> Is for these UFS bugs in FreeBSD since 6.1 a fix underway?
>
> See:
>
> http://projects.info-pull.com/mokb/
>
> MOKB-08-11-2006,CVE-2006-5824, MOKB-03-11-2006,CVE-2006-5679

These two bugs both seem to involve mounting deliberately corrupted UFS file systems. I'm not sure that many people allow this.
To be honest, I'm surprised that they only list two bugs of this sort - UFS wasn't designed to be robust to working with accidentally corrupted filesystems, let alone ones corrupted maliciously! The usual response of UFS to a corrupted filesystem is to panic. I'm guessing it would have been easier to do:

	grep panic /usr/src/sys/ufs/*/*.c

to find a load of these bugs, rather than writing a fuzzing tool ;-)

(That's not to say that it isn't worth improving things, it's just likely to be a large amount of work to fix this in a way that actually makes things better.)

	David.