On Sun, 24 Oct 2010, Michael Gilbert wrote:
package: kfreebsd-7
version: 7.3-7
severity: serious
tags: security

another freebsd privilege escalation has been disclosed:
http://www.exploit-db.com/exploits/15206/

this seems different than the recent CVE advisories. i haven't checked any of this, but they claim 7.0-7.2 are affected and don't mention 8, so who knows if it's affected. all of this should be checked.
It looks like http://seclists.org/fulldisclosure/2010/Sep/107

The bug was fixed in the following commit:
http://svn.freebsd.org/viewvc/base?view=revision&revision=196689

Nevertheless, it was not recognized as a security vulnerability. The following versions are vulnerable:
7.0-RELEASE
7.1-RELEASE
7.2-RELEASE
8.0-RELEASE (system crash only)

Not vulnerable versions:
6.x-RELEASE
7.3-RELEASE
8.1-RELEASE
7-STABLE and 8-STABLE after 05/09/2009