Re: FreeBSD bug grants local root access (FreeBSD 6.x)

On 2009.09.25 08:52:25 -0400, Mike Tancsa wrote:
> At 05:08 AM 9/15/2009, Xin LI wrote:
> >Frederique Rijsdijk wrote:
> > > Hi,
> > >
> > > Any info on this subject on
> > >
> > > http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/
> >
> >Currently we (secteam@) are testing the correction patch and do
> >peer-review on the security advisory draft, the bug was found and fixed
> >on -HEAD and 7-STABLE before 7.1-RELEASE during some stress test but was
> >not recognized as a security vulnerability at that time.  The exploit
> >code has to be executed locally, i.e. either by an untrusted local user,
> >or be exploited in conjunction with some remote vulnerability on
> >applications that allow the attacker to inject their own code.
> >
> >We can not release further details about the problem at this time,
> >though, but I think we will likely to publish the advisory and
> >correction patch this patch Wednesday.
> 
>          Just wondering if there is any update on this issue ?

It turned out more difficult to fix than expected and we (secteam)
didn't handle that as well as we should have, but I think we are
almost there so the advisory should be out soon - sometime this week
at the latest.

Sorry about the delay - this should have been fixed by now.

-- 
Simon L. Nielsen
FreeBSD Deputy Security Officer
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"