[21054] in bugtraq
Re: OpenBSD 2.9,2.8 local root compromise
daemon@ATHENA.MIT.EDU (Jason R Thorpe)
Fri Jun 15 23:21:18 2001
Date: Fri, 15 Jun 2001 10:27:36 -0700
From: Jason R Thorpe <thorpej@zembu.com>
To: Andreas Haugsnes <andreas@haugsnes.no>
Cc: Bugtraq <BUGTRAQ@securityfocus.com>
Message-ID: <20010615102736.A669@dr-evil.shagadelic.org>
Reply-To: thorpej@zembu.com
Mail-Followup-To: Jason R Thorpe <thorpej@zembu.com>,
Andreas Haugsnes <andreas@haugsnes.no>,
Bugtraq <BUGTRAQ@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010615091815.A48802@consistent.unicore.no>; from andreas@haugsnes.no on Fri, Jun 15, 2001 at 09:18:15AM +0200
On Fri, Jun 15, 2001 at 09:18:15AM +0200, Andreas Haugsnes wrote:
> I must say that I gasped and had to wipe sweat from my
> forehead when I read, tested and could confirm this
> exploit.
>
> The OpenBSD-team has known about this for -6- days (15th of June),
> and they haven't been able to come up with atleast a temporary fix?
> I can't find anything on errdata / security warnings,
> what's up with that?
If it's any consolation, NetBSD now (as of the 15th) has a fix for this
problem in-tree (a pullup for the impending 1.5.1 release is in the queue),
and we only found out about it on the 14th.
--
-- Jason R. Thorpe <thorpej@zembu.com>
