[21023] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: OpenBSD 2.9,2.8 local root compromise

daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Thu Jun 14 16:31:26 2001

Date: Thu, 14 Jun 2001 19:09:31 +0200
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To: Georgi Guninski <guninski@guninski.com>
Cc: Bugtraq <BUGTRAQ@securityfocus.com>
Message-ID: <20010614190931.H50393@riget.scene.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3B28C6D6.BB215609@guninski.com>; from guninski@guninski.com on Thu, Jun 14, 2001 at 05:14:46PM +0300

On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> OpenBSD 2.9,2.8
> Have not tested on other OSes but they may be vulnerable

FreeBSD 4.3-STABLE isn't vulnerable. Looks like it's dropping set[ug]id
privileges before allowing detach.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[21023] in bugtraq

Re: OpenBSD 2.9,2.8 local root compromise

daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)Thu Jun 14 16:31:26 2001

daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Thu Jun 14 16:31:26 2001