Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

From: Lutz Boehne <lboehne@xxxxxxxxxxx>
Date: Fri, 24 Nov 2006 22:24:12 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[It's just a panic]
I was so transfixed on Josh stating that the attacker could as well just
mount a filesystem with suid root binaries and how that would be more
useful than a buffer overflow in the filesystem driver. I totally missed
the fact that we were talking about two bugs where the kernel
deliberately called panic() ;).

So in this case I'd agree that the panic() is undesirable, but not
really a security issue.

Lutz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFZ2L5DbEkl9DbWrYRAus0AJwPEkX240mVIWme//LzHw210kUzKQCffFv1
6KGhWX9L0kzuMxk+JR+GyCg=
=RSll
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

References:
- Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
  - From: David Malone
- Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
  - From: Josh Paetzel
- Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
  - From: Lutz Boehne
- Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
  - From: Bill Moran
- Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
  - From: Erik Trulsson
- Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
  - From: Bill Moran

Prev by Date: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
Next by Date: Re: freebsd-security Digest, Vol 187, Issue 4
Previous by thread: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679
Next by thread: Re: freebsd-security Digest, Vol 187, Issue 4
Index(es):
- Date
- Thread

Relevant Pages

File sizes > 2 GB on isofs?
... filesystem with sizes> 2 GB. ... Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: vfat broken in 2.6.10?
... > unclean shutdown. ... I'm not damaging the filesystem except by actually using it. ... Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: [RFC][PATCH] inotify 0.10.0
... | --Why Not dnotify and Why inotify -- ... filesystem mounted in two locations (for instance, ... Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: INODES! Im so confused! Please help!
... | Yesterday I've got some problems with the filesystem of a server. ... | thing called INODES. ... Perhaps a read of section IV of "The Unix Time Sharing System" (a Bell Labs ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org ...
(comp.unix.admin)
Re: [PATCH 25/28] VFS: statfs(64) shouldnt follow last component symlink
... >>show the true path. ... > resolution when it just refers to a path on the filesystem. ... Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)