Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
- From: Colin Percival <cperciva@xxxxxxxxxxx>
- Date: Tue, 10 Oct 2006 21:47:33 -0700
Bill Moran wrote:
Colin Percival <cperciva@xxxxxxxxxxx> wrote:^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
That was what I expected. Section III seems to hint that it could be
used by an unprivilidged user to crash or lock a system.
Yes. An unprivileged user who is able to execute code on an affected system
can cause a kernel panic. There are a variety of reasons for not treating
bugs like this as security issues; the strongest reason imho is that if one
of your users is making a system crash, you can disable his account and call
the police.
BTW, are you going to be at NYCBSDCon?
No -- I only go to conferences if I have a paper to present.
Colin Percival
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- References:
- Prev by Date: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
- Next by Date: Re: [fbsd] HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon
- Previous by thread: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
- Next by thread: Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
- Index(es):
