Bug#601305: kfreebsd-8: pseudofs null ptr dereference exploit

To: Michael Gilbert <michael.s.gilbert@gmail.com>, 601305@bugs.debian.org
Subject: Bug#601305: kfreebsd-8: pseudofs null ptr dereference exploit
From: Petr Salinger <Petr.Salinger@seznam.cz>
Date: Mon, 25 Oct 2010 06:59:58 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.62.1010250657280.12241@sci.felk.cvut.cz>
Reply-to: Petr Salinger <Petr.Salinger@seznam.cz>, 601305@bugs.debian.org
In-reply-to: <[🔎] AANLkTimm7Cq8JnwLRK3hJcXHex=aQ2n0XxkP3JiyrOMa@mail.gmail.com>
References: <[🔎] AANLkTimm7Cq8JnwLRK3hJcXHex=aQ2n0XxkP3JiyrOMa@mail.gmail.com>

On Sun, 24 Oct 2010, Michael Gilbert wrote:

package: kfreebsd-7
version: 7.3-7
severity: serious
tags: security

another freebsd privilege escalation has been disclosed:
http://www.exploit-db.com/exploits/15206/

this seems different than the recent CVE advisories.  i haven't
checked any of this, but they claim 7.0-7.2 are affected and don't
mention 8, so who knows if its affected.  all of this should be
checked.


It looks like http://seclists.org/fulldisclosure/2010/Sep/107

The bug was fixed in following commit:

http://svn.freebsd.org/viewvc/base?view=revision&revision=196689

Nevertheless it was not recognized as security vulnerability.The following versions are vulnerable:


7.0-RELEASE
7.1-RELEASE
7.2-RELEASE
8.0-RELEASE (system crash only)

Not vulnerable versions:

6.x-RELEASE
7.3-RELEASE
8.1-RELEASE
7-STABLE and 8-STABLE after 05/09/2009

Reply to:

References:
- Bug#601305: kfreebsd-8: pseudofs null ptr dereference exploit
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Bug#601305: kfreebsd-8: pseudofs null ptr dereference exploit
Next by Date: Processed: Re: Bug#601305: kfreebsd-8: pseudofs null ptr dereference exploit
Previous by thread: Bug#601305: kfreebsd-8: pseudofs null ptr dereference exploit
Next by thread: Processed: Re: Bug#601305: kfreebsd-8: pseudofs null ptr dereference exploit
Index(es):
- Date
- Thread