Re: FreeBSD bug grants local root access (FreeBSD 6.x)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Frederique Rijsdijk wrote:
> Hi,
> 
> Any info on this subject on
> 
> http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/

Currently we (secteam@) are testing the correction patch and do
peer-review on the security advisory draft, the bug was found and fixed
on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but was
not recognized as a security vulnerability at that time.  The exploit
code has to be executed locally, i.e. either by an untrusted local user,
or be exploited in conjunction with some remote vulnerability on
applications that allow the attacker to inject their own code.

We can not release further details about the problem at this time,
though, but I think we will likely to publish the advisory and
correction patch this patch Wednesday.

Cheers,
- --
Xin LI <delphij@delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)

iEYEARECAAYFAkqvWZgACgkQi+vbBBjt66DAwACdHwj+VB8Ak0oRwhiH7X16+2Wl
nU0An2bMd4Y40DqCUJI+DEmNmozmm7fz
=+LtQ
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"