-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-09:15.sslSecurity Advisory
The FreeBSD Project
Topic: S
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-09:16.rtld Security Advisory
The FreeBSD Project
Topic: I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-09:17.freebsd-update Security Advisory
The FreeBSD Project
Topic: I
Hi guys,
Please forgive if this is a bit of a noob question
I noticed that when the bsd.security.see_other_uids sysctl is set to 0, the
netstat command gives no output for users (non-root).
I can't find any mention of this in any documentation ... is this
intentional?
Cheers,
Marc
--
Our deep
2009/12/3 Marc Silver :
> Hi guys,
>
> Please forgive if this is a bit of a noob question
>
> I noticed that when the bsd.security.see_other_uids sysctl is set to 0, the
> netstat command gives no output for users (non-root).
No, it gives no access to sockets (switched to per-inpcb since 7) not
ow
FreeBSD Security Advisories wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-09:16.rtld Security Advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-09:15.sslSecurity Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-09:17.freebsd-update Security Advisory
The FreeBSD Project
Topic:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-09:16.rtld Security Advisory
The FreeBSD Project
Topic:
On Dec 3, 2009, at 12:27 PM, Ivan Voras wrote:
> Borja Marcos wrote:
>> On Dec 1, 2009, at 2:20 AM, FreeBSD Security Officer wrote:
>>> A short time ago a "local root" exploit was posted to the full-disclosure
>>> mailing list; as the name suggests, this allows a local user to execute
>>> arbitra
Hi,
=
FreeBSD-SA-09:15.sslSecurity Advisory
The FreeBSD Project
[..]
b) Execute the following commands as root:
# cd /us
> Sorry, this might seem a stupid question, but...
> In several places I read that FreeBSD 6.x is NOT affected; however, I
> heard some people discussing how to apply the patch to such systems.
> So, I'd like to know for sure: is 6.x affected? Is another patch on the
> way for it?
>
> bye & Tha
Jamie Landeg Jones wrote:
So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
Thanks.
So, is a patch on the way for 6.[34] too?
I guess the sec team just wanted to get out what they had as soon as
possible and I agree with them and thank them.
But I just need to plan
thus Jamie Landeg Jones spake:
Sorry, this might seem a stupid question, but...
In several places I read that FreeBSD 6.x is NOT affected; however, I
heard some people discussing how to apply the patch to such systems.
So, I'd like to know for sure: is 6.x affected? Is another patch on the
way
On Thu, 2009-12-03 at 09:30 +, FreeBSD Security Advisories wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> =
> FreeBSD-SA-09:16.rtld Security Advisory
>
2009/12/3 Henrique Araujo :
> On Thu, 2009-12-03 at 09:30 +, FreeBSD Security Advisories wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> =
>> FreeBSD-SA-09:16.rtld
On Dec 3, 2009, at 1:45 PM, Borja Marcos wrote:
> There's a wrong assumption I made: the MAC subsystem should make a root
> exploit hard to achieve, and the latest security issue shows that indeed
> that's not necessarily the case. I chose not to chroot the running CGI's so
> that they saw a c
Thu, Dec 03, 2009 at 02:09:36PM +0100, Niels Bakker wrote:
> >=
> >FreeBSD-SA-09:15.sslSecurity Advisory
> > The FreeBSD Proje
> Jamie Landeg Jones wrote:
>
> > So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
>
> Thanks.
> So, is a patch on the way for 6.[34] too?
> I guess the sec team just wanted to get out what they had as soon as
> possible and I agree with them and thank them.
> But I jus
Hi--
On Dec 3, 2009, at 3:05 AM, Andrea Venturoli wrote:
> Sorry, this might seem a stupid question, but...
> In several places I read that FreeBSD 6.x is NOT affected; however, I heard
> some people discussing how to apply the patch to such systems. So, I'd like
> to know for sure: is 6.x affe
> So, what would be 'best of practice' to apply the patch to 6.3-RELEASE
> upwards -- is the FreeBSD-7 patch applicable or should one wait for an
> official announcement?
I just noticed that the patch I replied with is basically the same as the
Freebsd-7 patch that was posted.
However, as has a
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
> The discussion you mention presumably involves checking out the patched
> version of rtld sources from 7.x or 8 and building+installing that under 6.x.
> Given that 6.x rtld is the older one with a longer history of security
> review and doesn't have the current known vulnerability, whereas t
Jamie Landeg Jones wrote:
>
> However, I'd still apply the patch in case some other way to exploit
> the non-checking of the unsetenv return status crops up elsewhere.
>
> It can't do any harm.
The problem with that is, on 6.x, unsetenv() returns 'void', so there's
no return value to check on.
On 12/03/2009 08:01 PM, Pieter de Boer wrote:
> Jamie Landeg Jones wrote:
>>
>> However, I'd still apply the patch in case some other way to exploit
>> the non-checking of the unsetenv return status crops up elsewhere.
>>
>> It can't do any harm.
>
> The problem with that is, on 6.x, unsetenv() re
>
> On 12/03/2009 08:01 PM, Pieter de Boer wrote:
> > Jamie Landeg Jones wrote:
> >>
> >> However, I'd still apply the patch in case some other way to exploit
> >> the non-checking of the unsetenv return status crops up elsewhere.
> >>
> >> It can't do any harm.
> >
> > The problem with that is, o
On 12/03/2009 08:15 PM, Andrew Thompson wrote:
> On Thu, Dec 03, 2009 at 08:06:40PM +0100, Timo Schoeler wrote:
>> On 12/03/2009 08:01 PM, Pieter de Boer wrote:
>>> Jamie Landeg Jones wrote:
However, I'd still apply the patch in case some other way to exploit
the non-checking of the
On Thu, Dec 03, 2009 at 08:06:40PM +0100, Timo Schoeler wrote:
> On 12/03/2009 08:01 PM, Pieter de Boer wrote:
> > Jamie Landeg Jones wrote:
> >>
> >> However, I'd still apply the patch in case some other way to exploit
> >> the non-checking of the unsetenv return status crops up elsewhere.
> >>
>
Anybody can explain why no credit section for this advisory?
On Thu, Dec 3, 2009 at 1:30 AM, FreeBSD Security Advisories
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> =
> FreeBSD-SA-09:16.rtld
> Anybody can explain why no credit section for this advisory?
Probably because the person who found the bug didn't notify the security
team, but posted it on a public list to gain l33t points.
Just in case there is some other way of exploiting the fact that rtld.c didn't
check whether unsetenv was successful (which I bet people are now looking for)
I'd apply the patch to 6.3 and 6.4 also, just to be sure.
Well, they can search as long as they wish - _but_ there's just nothing to
Hello!
The change that introduced the bug was made as follows:
| Revision 1.124: download - view: text, markup, annotated - select for diffs
| Thu May 17 18:00:27 2007 UTC (2 years, 6 months ago) by csjp
| Branches: MAIN
...
This was also ported MFC'd into 6.3 onwards:
...
So, yes, Free
Borja Marcos wrote:
On Dec 1, 2009, at 2:20 AM, FreeBSD Security Officer wrote:
A short time ago a "local root" exploit was posted to the full-disclosure
mailing list; as the name suggests, this allows a local user to execute
arbitrary code as root.
Dr. Strangelove, or How I learned to love t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-09:15.sslSecurity Advisory
The FreeBSD Project
Topic: S
< said:
> NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate
> SSL / TLS session parameters. As a result, connections in which the other
> party attempts to renegotiate session parameters will break. In practice,
> however, session renegotiation is a rarely-used feature,