Date: Tue, 10 Oct 2006 15:58:42 -0700 From: Colin Percival <cperciva@freebsd.org> To: Bill Moran <wmoran@collaborativefusion.com> Cc: freebsd security <freebsd-security@freebsd.org>, questions@freebsd.org Subject: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability Message-ID: <452C25A2.6080809@freebsd.org> In-Reply-To: <20061010185141.ce3e7134.wmoran@collaborativefusion.com> References: <20061010185141.ce3e7134.wmoran@collaborativefusion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bill Moran wrote: > This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details? This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation. > VI. VENDOR RESPONSE > > "The policy of the FreeBSD Security Team is that local denial of service > bugs not be treated as security issues; it is possible that this problem > will be corrected in a future Erratum." If there was any potential for (a) privilege escalation, (b) disclosure of potentially sensitive information, or (c) denial of service by a non-authenticated attacker, we would have issued a security advisory. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?452C25A2.6080809>