AFAIK its been fixed in -current, and it _will_ be in errata shortly.. in the meantime, there is a hotfix for the code itself, read the mailing lists.. OR in /etc/fstab, make /tmp nosuid and noexec, then mount -u /tmp (you did make tmp a seperate partition.. didn tyou?) ----- Original Message ----- From: "Andreas Haugsnes" <andreasat_private> To: "Bugtraq" <BUGTRAQat_private> Sent: Friday, June 15, 2001 3:18 AM Subject: Re: OpenBSD 2.9,2.8 local root compromise > I must say that I gasped and had to wipe sweat from my > forehead when I read, tested and could confirm this > exploit. > > The OpenBSD-team has known about this for -6- days (15th of June), > and they haven't been able to come up with atleast a temporary fix? > I can't find anything on errdata / security warnings, > what's up with that? > > Andreas Haugsnes > > > On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote: > > Georgi Guninski security advisory #47, 2001 > > > > OpenBSD 2.9,2.8 local root compromise > > > > Systems affected: > > OpenBSD 2.9,2.8 > > Have not tested on other OSes but they may be vulnerable > > > Vendor status: > > OpenBSD was informed on 9 June 2001. >
This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 20:07:49 PDT