Hello, Andreas Haugsnes wrote: > > I must say that I gasped and had to wipe sweat from my > forehead when I read, tested and could confirm this > exploit. > > The OpenBSD-team has known about this for -6- days (15th of June), > and they haven't been able to come up with atleast a temporary fix? > I can't find anything on errdata / security warnings, > what's up with that? > I have communicated with several vendors and IMHO the OpenBSD folks are quite nice. They are much better than Microsoft for example. I believe that this patch is not trivial. Georgi Guninski > Andreas Haugsnes > > On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote: > > Georgi Guninski security advisory #47, 2001 > > > > OpenBSD 2.9,2.8 local root compromise > > > > Systems affected: > > OpenBSD 2.9,2.8 > > Have not tested on other OSes but they may be vulnerable > > > Vendor status: > > OpenBSD was informed on 9 June 2001.
This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 19:39:05 PDT