Date:      Mon, 22 May 2000 22:32:49 -0600
From:      Brett Glass <brett@lariat.org>
To:        Warner Losh <imp@village.org>, Fernando Schapachnik <fpscha@via-net-works.net.ar>
Cc:        cjclark@home.com, freebsd-security@FreeBSD.ORG
Subject:   Re: The procfs Hole in 2.2.8-STABLE? 
Message-ID:  <4.3.1.2.20000522222344.00dd2870@localhost>
In-Reply-To: <200005230344.VAA99816@harmony.village.org>
References:  <Your message of "Mon, 22 May 2000 22:26:15 -0300." <200005230126.WAA02250@ns1.via-net-works.net.ar> <200005230126.WAA02250@ns1.via-net-works.net.ar>

At 09:44 PM 5/22/2000, Warner Losh wrote:

>Generally speaking, if the advisory doesn't mention the version of
>freebsd you are interested in, then the bug is likely still in that
>version.  Also, there have been several DoS bugs that people have
>written exploits for after bugs were corrected in FreeBSD.  Not all of
>these have had advisories since some of them have come along months or
>years after the bug fix.

As far as I know, the only remote exploits for 2.2.8 itself are DoS 
attacks, not root exploits. However, there ARE root exploits for some 
of the ported third-party daemons that were included with that release. 
Make sure that key daemons such as Apache, BIND, SSH, QPopper, etc. are 
updated and that unnecessary services are shut down. You should then
be OK.

The biggest stability problems in 2.2.8 have to do with problems in some
of the old PCI and ATAPI code. (On some machines, it was necessary to
compile with the ATAPI_STATIC option and remove the PCI driver to make
the system stable, as I learned the hard way.)

I administer very few systems that still run 2.2.8, but there are some.
They're small-memory systems that would have trouble with the larger 
kernels generated by later versions.

--Brett Glass


