Hi Dan,

The right place to report security problems with FreeBSD is to the
Security Officer team.  A PGP signed email to the email address of the
security team at <security-offi...@freebsd.org> is enough to get the
attention of the FreeBSD Project.

Przemyslaw should email security-officer with any details he thinks are
relevant.  Then the security team will make sure to fix the bug for all
affected releases of FreeBSD, release a patch with the fix, issue an
advisory through the usual channels, and post the details online at our
security information web pages at <http://www.FreeBSD.org/security/>.


On Mon, 14 Sep 2009 12:12:50 -0700, Dan Goodin <dgoo...@sitpub.com> wrote:
> Hello,
> Dan Goodin, a reporter at technology news website The Register. Security
> researcher Przemyslaw Frasunek says versions 6.x through 6.4 of FreeBSD
> has a security bug. He says he notified the FreeBSD Foundation on August
> 29 and never got a response. We'll be writing a brief article about
> this. Please let me know ASAP if someone cares to comment.
> Kind regards,
> Dan Goodin
> 415-495-5411
> -------- Original Message --------
> Subject: Re: [Full-disclosure] FreeBSD <= 6.1 kqueue() NULL pointer
> dereference
> Date: Sun, 13 Sep 2009 10:49:33 +0200
> From: Przemyslaw Frasunek <veng...@freebsd.lublin.pl>
> Organization: frasunek.com
> To: full-disclos...@lists.grok.org.uk, bugt...@securityfocus.com
> References: <4a9028ac.9080...@freebsd.lublin.pl>
> Przemyslaw Frasunek pisze:
>> FreeBSD <= 6.1 suffers from classical check/use race condition on SMP
> There is yet another kqueue related vulnerability. It affects 6.x, up to
> 6.4-STABLE. FreeBSD security team was notified on 29th Aug, but there is no
> response until now, so I won't publish any details.
> Sucessful exploitation yields local root and allows to exit from jail.
> For now,
> you can see demo on:
> http://www.vimeo.com/6554787
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to