Re: FW: OpenBSD 2.9,2.8 local root compromise (fwd)

From: Peter Pentchev (roam@orbitel.bg)
Date: 06/15/01


Date: Fri, 15 Jun 2001 20:10:58 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: rich@rdrose.org

That 'someone' quoted this same message, and a follow-up, explaining
why someone else actually thinks 4.3 *might* be vulnerable.

G'luck,
Peter

-- 
If the meanings of 'true' and 'false' were switched, then this sentence wouldn't be false.
On Fri, Jun 15, 2001 at 06:04:44PM +0100, rich@rdrose.org wrote:
> Someone asked about 4.3 being susceptible to this attack....
>
> ---------- Forwarded message ----------
> Date: Fri, 15 Jun 2001 08:41:13 -0500
> From: Will Senn <wsenn@postfuture.com>
> To: OpenBSDTech <tech@openbsd.org>
> Subject: FW: OpenBSD 2.9,2.8 local root compromise
> 
> -----Original Message-----
> From: Przemyslaw Frasunek [mailto:venglin@freebsd.lublin.pl]
> Sent: Thursday, June 14, 2001 12:10 PM
> To: Georgi Guninski
> Cc: Bugtraq
> Subject: Re: OpenBSD 2.9,2.8 local root compromise
> 
> 
> On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> > OpenBSD 2.9,2.8
> > Have not tested on other OSes but they may be vulnerable
> 
> FreeBSD 4.3-STABLE isn't vulnerable. Looks like it's dropping set[ug]id
> privileges before allowing detach.
> 
> -- 
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages

  • FW: OpenBSD 2.9,2.8 local root compromise (fwd)
    ... OpenBSD 2.9,2.8 local root compromise ... > Have not tested on other OSes but they may be vulnerable ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • [EXPL] /usr/bin/mail OpenBSD Local Root Compromise (Escaping Tilde, Exploit)
    ... OpenBSD including OpenBSD Current prior to April 9, 2002 due to a bug in ... OpenBSD Local Root Compromise ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • Re: philosophical question...
    ... > OpenBSD first and ported to FreeBSD once it has proved itself. ... Anyone mind if I start a discussion about encrypted swap? ... assuming theydon't know the seed for the random key ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: philosophical question...
    ... >> OpenBSD first and ported to FreeBSD once it has proved itself. ... > Anyone mind if I start a discussion about encrypted swap? ... > the implications. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: FW: OpenBSD 2.9,2.8 local root compromise (fwd)
    ... A followup to the message you quote below seems to imply this is not the ... case and FreeBSD might be vulnerable. ... >Subject: FW: OpenBSD 2.9,2.8 local root compromise ...
    (FreeBSD-Security)