
Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED]

daemon@ATHENA.MIT.EDU (Kris Kennaway)
Tue Nov 7 16:19:25 2000

Message-ID:  <20001107113558.A40188@citusc17.usc.edu>
Date:         Tue, 7 Nov 2000 11:35:58 -0800
Reply-To: Kris Kennaway <kris@FREEBSD.ORG>
From: Kris Kennaway <kris@FREEBSD.ORG>
X-To:         vort-fu <vort@WIRETAPPED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSO.4.21.0011071255400.30141-100000@new.wiretapped.net>;
              from vort@WIRETAPPED.NET on Tue, Nov 07, 2000 at 01:12:56PM +1100

On Tue, Nov 07, 2000 at 01:12:56PM +1100, vort-fu wrote:

> From my initial findings, this was not exploitable (not easily if at all),
> as the command input is restricted in length, 50 bytes from memory. No
> supplied addresses can be accessed nor any that could be used to
> easily modify the ret of a call.

Oh well, better to be safe than sorry. There have been more unlikely
situations exploited than this one, so who knows.

> >NOTE: The original version of this advisory contained an incomplete
> >patch which does not fully eliminate the security vulnerability. The
> >additional vulnerability was pointed out by Przemyslaw Frasunek
> ><venglin@freebsd.lublin.pl>.
>
> It seems that somebody from the FreeBSD team didn't copy and paste well
> enough from my OpenBSD patch, but the missing segment in the original
> FreeBSD patch was only added for 'completeness' on my behalf.
>
> The error lay in the kill command alone; the renice command was
> unaffected, thus the updated patch is not necessarily needed.

Ditto.

> Personally I would put this down to a programming error, and not an
> (exploitable) vulnerability. Though I admit that I am not an overly
> superkraduberleet(tm) exploit coder, and don't pretend to be, but if anyone
> can exploit this bug, please forward to the list.
>
> PS. This was sent to the OpenBSD team, and patched, a month or so ago. How
> can the FreeBSD team justify the lateness in applying their patch
> (especially considering that they felt it was exploitable)?

Easy, it wasn't sent to us (FreeBSD Security Officer). Some of us also
have other things in our life apart from computers and slavishly
following OpenBSD mailing lists.

Kris
