oss-sec mailing list archives
Re: CVE Request: FreeBSD kernel
From: Eitan Adler <eadler () freebsd org>
Date: Mon, 24 Oct 2011 15:12:53 -0400
On Thu, Oct 20, 2011 at 12:26 PM, Moritz Muehlenhoff <jmm () debian org> wrote:
http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc

This has been assigned CVE-2011-4062 by MITRE in the mean time.

Something is odd with the MITRE CVE:

According to http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4062 the bug is in the Linux emulation code. However the bug is really in the bind(2) system call. There was a different bug in the emulation code exposed by fixing the bind vulnerability but the system is vulnerable even without linux emulation turned on.

Additionally Debian appears to have copied the incorrect data from the MITRE cve (http://www.debian.org/security/2011/dsa-2325)/

--
Eitan Adler
Ports committer
X11, Bugbusting teams