Re: OpenBSD 2.9,2.8 local root compromise

From: Przemyslaw Frasunek (venglinat_private)
Date: Thu Jun 14 2001 - 10:09:31 PDT

Next message: Michael B. Morell: "RE: Microsoft Security Bulletin MS01-030"

Previous message: Alexander K. Yezhov: "Anonymized ? Not yet. - Part II"
In reply to: Georgi Guninski: "OpenBSD 2.9,2.8 local root compromise"
Next in thread: Jason R Thorpe: "Re: OpenBSD 2.9,2.8 local root compromise"
Next in thread: Andreas Haugsnes: "Re: OpenBSD 2.9,2.8 local root compromise"
Reply: Jason R Thorpe: "Re: OpenBSD 2.9,2.8 local root compromise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> OpenBSD 2.9,2.8
> Have not tested on other OSes but they may be vulnerable

FreeBSD 4.3-STABLE isn't vulnerable. Looks like it's dropping set[ug]id
privileges before allowing detach.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *

Next message: Michael B. Morell: "RE: Microsoft Security Bulletin MS01-030"
Previous message: Alexander K. Yezhov: "Anonymized ? Not yet. - Part II"
In reply to: Georgi Guninski: "OpenBSD 2.9,2.8 local root compromise"
Next in thread: Jason R Thorpe: "Re: OpenBSD 2.9,2.8 local root compromise"
Next in thread: Andreas Haugsnes: "Re: OpenBSD 2.9,2.8 local root compromise"
Reply: Jason R Thorpe: "Re: OpenBSD 2.9,2.8 local root compromise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 13:32:19 PDT