Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
- From: Bill Moran <wmoran@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 11 Oct 2006 08:39:29 -0400
In response to Colin Percival <cperciva@xxxxxxxxxxx>:
Bill Moran wrote:
Colin Percival <cperciva@xxxxxxxxxxx> wrote:
This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^
That was what I expected. Section III seems to hint that it could be
used by an unprivileged user to crash or lock a system.
Yes. An unprivileged user who is able to execute code on an affected system
can cause a kernel panic. There are a variety of reasons for not treating
bugs like this as security issues; the strongest reason imho is that if one
of your users is making a system crash, you can disable his account and call
the police.
Thanks for the clarification.
From my standpoint, this qualifies as a "privilege escalation" and warrants
action. I see that it's already fixed in RELENG_6_1. Am I correct that
there is no intention to MFC this back to RELENG_6_0?
And, yes, I can't spell "unprivileged" to save my life, and the spell
checker was turned off on my other computer ...
--
Bill Moran
Collaborative Fusion Inc.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security