[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-security
Subject: Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824,
From: Lutz Boehne <lboehne () damogran ! de>
Date: 2006-11-24 21:24:12
Message-ID: 456762FC.90108 () damogran ! de
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[It's just a panic]
I was so transfixed on Josh stating that the attacker could as well just
mount a filesystem with suid root binaries and how that would be more
useful than a buffer overflow in the filesystem driver. I totally missed
the fact that we were talking about two bugs where the kernel
deliberately called panic() ;).
So in this case I'd agree that the panic() is undesirable, but not
really a security issue.
Lutz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFZ2L5DbEkl9DbWrYRAus0AJwPEkX240mVIWme//LzHw210kUzKQCffFv1
6KGhWX9L0kzuMxk+JR+GyCg=
=RSll
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic