[21051] in bugtraq


Re: OpenBSD 2.9,2.8 local root compromise

daemon@ATHENA.MIT.EDU (Georgi Guninski)
Fri Jun 15 22:39:00 2001

Message-ID: <3B2A30C4.CDD15D1B@guninski.com>
Date: Fri, 15 Jun 2001 18:59:00 +0300
From: Georgi Guninski <guninski@guninski.com>
MIME-Version: 1.0
To: Andreas Haugsnes <andreas@haugsnes.no>
Cc: Bugtraq <BUGTRAQ@securityfocus.com>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit

Hello,

Andreas Haugsnes wrote:
> 
> I must say that I gasped and had to wipe sweat from my
> forehead when I read, tested and could confirm this
> exploit.
> 
> The OpenBSD-team has known about this for -6- days (15th of June),
> and they haven't been able to come up with at least a temporary fix?
> I can't find anything on errata / security warnings,
> what's up with that?
> 

I have communicated with several vendors and IMHO the OpenBSD folks are quite nice.
They are much better than Microsoft for example.
I believe that this patch is not trivial.

Georgi Guninski

> Andreas Haugsnes
> 
> On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> > Georgi Guninski security advisory #47, 2001
> >
> > OpenBSD 2.9,2.8 local root compromise
> >
> > Systems affected:
> > OpenBSD 2.9,2.8
> > Have not tested on other OSes but they may be vulnerable
> 
> > Vendor status:
> > OpenBSD was informed on 9 June 2001.
