Dan Goodin wrote:

Dan Goodin, a reporter at technology news website The Register. Security
researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD
has a security bug. He says he notified the FreeBSD Foundation on August
29 and never got a response. We'll be writing a brief article about
this. Please let me know ASAP if someone cares to comment.

Kind regards,

Dan Goodin

-------- Original Message --------
Subject: Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer
Date: Sun, 13 Sep 2009 10:49:33 +0200
From: Przemyslaw Frasunek <veng...@freebsd.lublin.pl>
Organization: frasunek.com
To: full-disclos...@lists.grok.org.uk, bugt...@securityfocus.com
References: <4a9028ac.9080...@freebsd.lublin.pl>

Przemyslaw Frasunek pisze:
FreeBSD <= 6.1 suffers from classical check/use race condition on SMP

There is yet another kqueue related vulnerability. It affects 6.x, up to
6.4-STABLE. FreeBSD security team was notified on 29th Aug, but there is no
response until now, so I won't publish any details.

Sucessful exploitation yields local root and allows to exit from jail.
For now,
you can see demo on:


You need to contact the Security Officer to get the official position.  That's 

I don't know why you seem to think this should have been reported to the FreeBSD
Foundation.  They aren't the responsible parties.  What to do is clearly 
on this web page: http://www.freebsd.org/security/security.html (which Przemyslaw for one seems to have read).



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to