Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems
From: Nicolas Rachinsky (list@rachinsky.de)
Date: 04/11/02
- Next message: Jon DeShirley: "Re: Switching from ipfw to pf"
- Previous message: Brett Glass: "[Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- In reply to: Brett Glass: "[Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- Next in thread: Crist J. Clark: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- Reply: Crist J. Clark: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- Reply: Darren Reed: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Apr 2002 22:45:17 +0200 From: Nicolas Rachinsky <list@rachinsky.de> To: security@FreeBSD.ORG
* Brett Glass <brett@lariat.org> [2002-04-11 14:12:01 -0600]:
> [This is a corrected version of the previous message, which omitted
> the word "isn't" near the beginning of the second paragraph.]
>
> The vulnerability described in the message below is a classic
> "in-band signalling" problem that may give an unauthorized user
> the ability to run an arbitrary command as root.
>
> Fortunately, the vulnerability isn't present in FreeBSD's daily, weekly,
> and monthly maintenance scripts, because they use sendmail rather
> than /bin/mail. Nonetheless, the same patch should be applied to
> FreeBSD's /bin/mail due to the possibility that other privileged
> utilities (or user-written scripts) might use /bin/mail instead of
> sendmail to create e-mail messages.
man mail says:
-I Forces mail to run in interactive mode even when input is not a
terminal. In particular, the `~' special character when sending
mail is only active in interactive mode.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Jon DeShirley: "Re: Switching from ipfw to pf"
- Previous message: Brett Glass: "[Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- In reply to: Brett Glass: "[Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- Next in thread: Crist J. Clark: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- Reply: Crist J. Clark: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- Reply: Darren Reed: "Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
