Re: OpenBSD 2.9,2.8 local root compromise

From: Rick Updegrove (dislistsat_private)
Date: Fri Jun 15 2001 - 13:44:57 PDT

Next message: Samuel Dralet: "Rxvt vulnerability"

Previous message: Chris Lambert: "Re: The Dangers of Allowing Users to Post Images"
In reply to: Andreas Haugsnes: "Re: OpenBSD 2.9,2.8 local root compromise"
Next in thread: Georgi Guninski: "Re: OpenBSD 2.9,2.8 local root compromise"
Next in thread: jon: "Re: OpenBSD 2.9,2.8 local root compromise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Andreas Haugsnes" <andreasat_private>

The exploit does work!  It is not easy to execute however, (thank goodness)  It
took me several tries on OpenBSD 2.8

It is all about timing.

> The OpenBSD-team has known about this for -6- days (15th of June),

They knew about it a lot longer than that!  There was a post before guninski's
about it that never developed into a thread for some reason.  My reply to it was
rejected!

> and they haven't been able to come up with atleast a temporary fix?
> I can't find anything on errdata / security warnings,
> what's up with that?

It been fixed the patch is available.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch"

Next message: Samuel Dralet: "Rxvt vulnerability"
Previous message: Chris Lambert: "Re: The Dangers of Allowing Users to Post Images"
In reply to: Andreas Haugsnes: "Re: OpenBSD 2.9,2.8 local root compromise"
Next in thread: Georgi Guninski: "Re: OpenBSD 2.9,2.8 local root compromise"
Next in thread: jon: "Re: OpenBSD 2.9,2.8 local root compromise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 19:08:47 PDT