-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=
FreeBSD-SA-09:15.ssl Security Advisory
The FreeBSD Project
Topic:
Hi guys,
Please forgive if this is a bit of a noob question
I noticed that when the bsd.security.see_other_uids sysctl is set to 0, the
netstat command gives no output for users (non-root).
I can't find any mention of this in any documentation ... is this
intentional?
Cheers,
Marc
--
Our
2009/12/3 Marc Silver ma...@draenor.org:
Hi guys,
Please forgive if this is a bit of a noob question
I noticed that when the bsd.security.see_other_uids sysctl is set to 0, the
netstat command gives no output for users (non-root).
No, it gives no access to sockets (switched to per-inpcb
FreeBSD Security Advisories wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=
FreeBSD-SA-09:16.rtld Security Advisory
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=
FreeBSD-SA-09:16.rtld Security Advisory
The FreeBSD Project
Topic:
On Dec 3, 2009, at 12:27 PM, Ivan Voras wrote:
Borja Marcos wrote:
On Dec 1, 2009, at 2:20 AM, FreeBSD Security Officer wrote:
A short time ago a local root exploit was posted to the full-disclosure
mailing list; as the name suggests, this allows a local user to execute
arbitrary code as
Hi,
=
FreeBSD-SA-09:15.ssl Security Advisory
The FreeBSD Project
[..]
b) Execute the following commands as root:
# cd
thus Jamie Landeg Jones spake:
Sorry, this might seem a stupid question, but...
In several places I read that FreeBSD 6.x is NOT affected; however, I
heard some people discussing how to apply the patch to such systems.
So, I'd like to know for sure: is 6.x affected? Is another patch on the
way
Thu, Dec 03, 2009 at 02:09:36PM +0100, Niels Bakker wrote:
=
FreeBSD-SA-09:15.ssl Security Advisory
The FreeBSD Project
Jamie Landeg Jones wrote:
So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
Thanks.
So, is a patch on the way for 6.[34] too?
I guess the sec team just wanted to get out what they had as soon as
possible, and I agree with them and thank them.
But I just need to
Hi--
On Dec 3, 2009, at 3:05 AM, Andrea Venturoli wrote:
Sorry, this might seem a stupid question, but...
In several places I read that FreeBSD 6.x is NOT affected; however, I heard
some people discussing how to apply the patch to such systems. So, I'd like
to know for sure: is 6.x
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to freebsd-security-unsubscr...@freebsd.org
The discussion you mention presumably involves checking out the patched
version of rtld sources from 7.x or 8 and building+installing that under 6.x.
Given that 6.x rtld is the older one with a longer history of security
review and doesn't have the current known vulnerability, whereas the
Jamie Landeg Jones wrote:
However, I'd still apply the patch in case some other way to exploit
the non-checking of the unsetenv return status crops up elsewhere.
It can't do any harm.
The problem with that is, on 6.x, unsetenv() returns 'void', so there's
no return value to check on.
On
On 12/03/2009 08:01 PM, Pieter de Boer wrote:
Jamie Landeg Jones wrote:
However, I'd still apply the patch in case some other way to exploit
the non-checking of the unsetenv return status crops up elsewhere.
It can't do any harm.
The problem with that is, on 6.x, unsetenv() returns
On 12/03/2009 08:01 PM, Pieter de Boer wrote:
Jamie Landeg Jones wrote:
However, I'd still apply the patch in case some other way to exploit
the non-checking of the unsetenv return status crops up elsewhere.
It can't do any harm.
The problem with that is, on 6.x, unsetenv()
On 12/03/2009 08:15 PM, Andrew Thompson wrote:
On Thu, Dec 03, 2009 at 08:06:40PM +0100, Timo Schoeler wrote:
On 12/03/2009 08:01 PM, Pieter de Boer wrote:
Jamie Landeg Jones wrote:
However, I'd still apply the patch in case some other way to exploit
the non-checking of the unsetenv return
On Thu, Dec 03, 2009 at 08:06:40PM +0100, Timo Schoeler wrote:
On 12/03/2009 08:01 PM, Pieter de Boer wrote:
Jamie Landeg Jones wrote:
However, I'd still apply the patch in case some other way to exploit
the non-checking of the unsetenv return status crops up elsewhere.
It can't do
Can anybody explain why there is no credit section for this advisory?
On Thu, Dec 3, 2009 at 1:30 AM, FreeBSD Security Advisories
security-advisor...@freebsd.org wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=
Hello!
The change that introduced the bug was made as follows:
| Revision 1.124: download - view: text, markup, annotated - select for diffs
| Thu May 17 18:00:27 2007 UTC (2 years, 6 months ago) by csjp
| Branches: MAIN
...
This was also ported MFC'd into 6.3 onwards:
...
So, yes,
On Thu, 3 Dec 2009 09:30:39 GMT, FreeBSD Security Advisories
security-advisor...@freebsd.org said:
NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate
SSL / TLS session parameters. As a result, connections in which the other
party attempts to renegotiate session