Date: Thu, 23 Nov 2006 17:42:00 -0600
From: Josh Paetzel <josh@tcbug.org>
To: freebsd-security@freebsd.org
Cc: David Malone <dwmalone@maths.tcd.ie>, "O. Hartmann" <ohartman@zedat.fu-berlin.de>
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
Message-ID: <200611231742.01418.josh@tcbug.org>
In-Reply-To: <20061123213656.GA26275@walton.maths.tcd.ie>
References: <45656A3B.6000000@zedat.fu-berlin.de> <20061123213656.GA26275@walton.maths.tcd.ie>

On Thursday 23 November 2006 15:36, David Malone wrote:
> On Thu, Nov 23, 2006 at 10:30:35AM +0100, O. Hartmann wrote:
> > Is for these UFS bugs in FreeBSD since 6.1 a fix underway?
> >
> > See:
> >
> > http://projects.info-pull.com/mokb/
> >
> > MOKB-08-11-2006,CVE-2006-5824, MOKB-03-11-2006,CVE-2006-5679
>
> These two bugs both seem to involve mounting deliberately corrupted
> UFS file systems. I'm not sure that many people allow this. To be
> honest, I'm surprised that they only list two bugs of this sort -
> UFS wasn't designed to be robust to working with accidentally
> corrupted filesystems, let alone ones corrupted maliciously!
>
> The usual response of UFS to a corrupted filesystem is to panic.
> I'm guessing it would have been easier to do:
>
>     grep panic /usr/src/sys/ufs/*/*.c
>
> to find a load of these bugs, rather than writing a fuzzing tool
> ;-)
>
> (That's not to say that it isn't worth improving things, it's just
> likely to be a large amount of work to fix this in a way that
> actually makes things better.)
>
>     David.

Out of the box you need to be root to mount things. Once you have
root access to a box you don't need silly things like this to crash it.

If you've gone out of your way to configure your box in such a way
that a non-root user can mount arbitrary UFS filesystems then they
certainly don't need to waste their time with buffer-overflows and
the like. They can simply mount a filesystem with any number of SUID
root binaries on it and have their way with the box.

Either way, while it's senseless to argue that the buffer overflows
don't exist, anyone in a position to actually exploit them doesn't
need them to be malicious.

-- 
Thanks,

Josh Paetzel