On Sun, 24 Oct 2010, Michael Gilbert wrote:
package: kfreebsd-7
version: 7.3-7
severity: serious
tags: security
another freebsd privilege escalation has been disclosed:
http://www.exploit-db.com/exploits/15206/
this seems different than the recent CVE advisories. i haven't
checked any of this, but they claim 7.0-7.2 are affected and don't
mention 8, so who knows if its affected. all of this should be
checked.
It looks like http://seclists.org/fulldisclosure/2010/Sep/107
The bug was fixed in following commit:
http://svn.freebsd.org/viewvc/base?view=revision&revision=196689
Nevertheless it was not recognized as security vulnerability.
The following versions are vulnerable:
7.0-RELEASE
7.1-RELEASE
7.2-RELEASE
8.0-RELEASE (system crash only)
Not vulnerable versions:
6.x-RELEASE
7.3-RELEASE
8.1-RELEASE
7-STABLE and 8-STABLE after 05/09/2009
--
To UNSUBSCRIBE, email to debian-bsd-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/pine.lnx.4.62.1010250657280.12...@sci.felk.cvut.cz
