From: Giorgos Keramidas
To: dgoodin@theregister.com
Cc: media@freebsd.org, freebsd-questions@freebsd.org, press@freebsd.org
Subject: Re: reporter on deadline seeks comment about reported security bug in FreeBSD
Date: Tue, 15 Sep 2009 10:56:50 +0800
Message-ID: <87fxaokj9p.fsf@kobe.laptop>
In-Reply-To: <4AAE95B2.5050409@sitpub.com>

Hi Dan,

The right place to report security problems with FreeBSD is to the
Security Officer team. A PGP signed email to the email address of the
security team at is enough to get the attention of the FreeBSD Project.

Przemyslaw should email security-officer with any details he thinks are
relevant. Then the security team will make sure to fix the bug for all
affected releases of FreeBSD, release a patch with the fix, issue an
advisory through the usual channels, and post the details online at our
security information web pages at .

Regards,
Giorgos

On Mon, 14 Sep 2009 12:12:50 -0700, Dan Goodin wrote:
> Hello,
>
> Dan Goodin, a reporter at technology news website The Register. Security
> researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD
> have a security bug. He says he notified the FreeBSD Foundation on August
> 29 and never got a response. We'll be writing a brief article about
> this. Please let me know ASAP if someone cares to comment.
>
> Kind regards,
>
> Dan Goodin
> 415-495-5411
>
> -------- Original Message --------
> Subject: Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer dereference
> Date: Sun, 13 Sep 2009 10:49:33 +0200
> From: Przemyslaw Frasunek
> Organization: frasunek.com
> To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
> References: <4A9028AC.9080902@freebsd.lublin.pl>
>
> Przemyslaw Frasunek wrote:
>> FreeBSD <= 6.1 suffers from classical check/use race condition on SMP
>
> There is yet another kqueue related vulnerability. It affects 6.x, up to
> 6.4-STABLE. FreeBSD security team was notified on 29th Aug, but there is no
> response until now, so I won't publish any details.
>
> Successful exploitation yields local root and allows to exit from jail.
> For now, you can see demo on:
>
> http://www.vimeo.com/6554787