Bugtraq mailing list archives
Re: OpenBSD Security Advisory
From: Tim Yardley <yardley () UIUC EDU>
Date: Wed, 4 Oct 2000 12:48:31 -0500
I would like to add to this in stating that it seems to almost always be OpenBSD's practice to silently fix bugs. I also agree that it is not in the best interest of everyone else out there.

To expound upon the fstat issue, on 2.6 (using the canned exploit) you get egid=2 (kmem). 2.8 does not give you a shell, but instead results in a "File name too long" message.

/tmy

At 02:31 AM 10/4/2000, K2 wrote:
Here is another exploit for an application (fstat) that OpenBSD's format string audit has seemingly forgotten about. What I would like to
<snip>
Where are these advisories from the OpenBSD TEAM? Is their pride too great to accept these bugs, code fix, announce patch and move on? I do not believe that silently fixing vulnerabilities is in the best interest of anybody.

------------------
K2 (ktwo () ktwo ca)
http://www.ktwo.ca

PS. Thx caddis for some tips ;)

/*
 * theoBSD fstat - private caddis & K2 release
 * TagTeam exploit coding @$_*#%*&(#%(**(@$*($@
 *
 * greets: #!adm, #!teso, #!w00w00
 *
 */
<snip>

/tmy

--
Diving into infinity my consciousness expands in inverse proportion to my distance from singularity
+-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+
| Tim Yardley (yardley () uiuc edu)
| http://www.students.uiuc.edu/~yardley/
+-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+