Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
- From: Colin Percival <cperciva@xxxxxxxxxxx>
- Date: Tue, 10 Oct 2006 15:58:42 -0700
Bill Moran wrote:
This report seems pretty vague. I'm unsure as to whether the alleged
"bug" gives the user any more permissions than he'd already have? Anyone
know any details?
This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
and RELENG_6. There is no opportunity for either remote denial of service
or any privilege escalation.
VI. VENDOR RESPONSE
"The policy of the FreeBSD Security Team is that local denial of service
bugs not be treated as security issues; it is possible that this problem
will be corrected in a future Erratum."
If there was any potential for
(a) privilege escalation,
(b) disclosure of potentially sensitive information, or
(c) denial of service by a non-authenticated attacker,
we would have issued a security advisory.
Colin Percival
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Prev by Date: Proposal: MAC_BIBA and real-world usage
- Next by Date: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
- Previous by thread: Proposal: MAC_BIBA and real-world usage
- Next by thread: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
- Index(es):
Relevant Pages
|
|
