Colin Percival
2006-Oct-10 16:00 UTC
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Bill Moran wrote:> This report seems pretty vague. I'm unsure as to whether the alleged > "bug" gives the user any more permissions than he'd already have? Anyone > know any details?This is a local denial of service bug, which was fixed 6 weeks ago in HEAD and RELENG_6. There is no opportunity for either remote denial of service or any privilege escalation.> VI. VENDOR RESPONSE > > "The policy of the FreeBSD Security Team is that local denial of service > bugs not be treated as security issues; it is possible that this problem > will be corrected in a future Erratum."If there was any potential for (a) privilege escalation, (b) disclosure of potentially sensitive information, or (c) denial of service by a non-authenticated attacker, we would have issued a security advisory. Colin Percival
Colin Percival
2006-Oct-10 21:48 UTC
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Bill Moran wrote:> Colin Percival <cperciva@freebsd.org> wrote: >> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD^^^^^^^^^^^^^^^^^^^^^^^^^^^> That was what I expected. Section III seems to hint that it could be > used by an unprivilidged user to crash or lock a system.Yes. An unprivileged user who is able to execute code on an affected system can cause a kernel panic. There are a variety of reasons for not treating bugs like this as security issues; the strongest reason imho is that if one of your users is making a system crash, you can disable his account and call the police.> BTW, are you going to be at NYCBSDCon?No -- I only go to conferences if I have a paper to present. Colin Percival
Bill Moran
2006-Oct-11 05:24 UTC
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Colin Percival <cperciva@freebsd.org> wrote:> Bill Moran wrote: > > This report seems pretty vague. I'm unsure as to whether the alleged > > "bug" gives the user any more permissions than he'd already have? Anyone > > know any details? > > This is a local denial of service bug, which was fixed 6 weeks ago in HEAD > and RELENG_6. There is no opportunity for either remote denial of service > or any privilege escalation. > > > VI. VENDOR RESPONSE > > > > "The policy of the FreeBSD Security Team is that local denial of service > > bugs not be treated as security issues; it is possible that this problem > > will be corrected in a future Erratum." > > If there was any potential for > (a) privilege escalation, > (b) disclosure of potentially sensitive information, or > (c) denial of service by a non-authenticated attacker, > we would have issued a security advisory.That was what I expected. Section III seems to hint that it could be used by an unprivilidged user to crash or lock a system. I suspect they used it as root to crash/lock the OS. But I don't need any bugs to do that as root, so it doesn't really count as a security issue. BTW, are you going to be at NYCBSDCon? If so, seek me out -- I owe you a beer at the least. As always, thanks for the quick response. -- Bill Moran That seem right to you? Jubal Early
Harald Muehlboeck
2006-Oct-14 04:43 UTC
iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability
Colin Percival <cperciva@freebsd.org> writes:>> "The policy of the FreeBSD Security Team is that local denial of service >> bugs not be treated as security issues; it is possible that this problem >> will be corrected in a future Erratum." > > If there was any potential for > (a) privilege escalation, > (b) disclosure of potentially sensitive information, or > (c) denial of service by a non-authenticated attacker, > we would have issued a security advisory.I am missing this information on <http://www.freebsd.org/security/>. The site does not say wich bugs are treated as security issue and which are not. Perhaps these three points above can be added to the website.
Reasonably Related Threads
- Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl
- RELENG_6_2 EoL Date?
- [labs@idefense.com: iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x]
- Fundraising for FreeBSD security development
- Freebsd-update and 6.1-RELEASE