Debian Bug report logs - #613311
kfreebsd: kernel leak

version graph

Package: kfreebsd-8; Maintainer for kfreebsd-8 is GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>;

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Mon, 14 Feb 2011 00:30:01 UTC

Severity: important

Tags: security

Found in version 8.1+dfsg-7.1

Done: Petr Salinger <Petr.Salinger@seznam.cz>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>:
Bug#613311; Package kfreebsd-8. (Mon, 14 Feb 2011 00:30:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>. (Mon, 14 Feb 2011 00:30:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: kfreebsd: kernel leak
Date: Sun, 13 Feb 2011 19:30:19 -0500
package: kfreebsd-8
version: 8.1+dfsg-7.1
severity: important
tags: security

an exploit has been posted for freebsd using a kernel leak and their
ftpd [0]. it's against an ancient version of freebsd (5.3), so it may
not affect newer versions.  i don't have time to verify whether any of
the claims actually affect the debian kfreebsd.  i would suggest
discussing this with upstream.

best wishes,
mike

[0] http://www.exploit-db.com/exploits/16119/




Reply sent to Petr Salinger <Petr.Salinger@seznam.cz>:
You have taken responsibility. (Mon, 14 Feb 2011 07:03:06 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Mon, 14 Feb 2011 07:03:06 GMT) Full text and rfc822 format available.

Message #10 received at close@bugs.debian.org (full text, mbox):

From: Petr Salinger <Petr.Salinger@seznam.cz>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, close-613311@bugs.debian.org
Subject: Re: Bug#613311: kfreebsd: kernel leak
Date: Mon, 14 Feb 2011 08:03:46 +0100 (CET)
> an exploit has been posted for freebsd using a kernel leak and their
> ftpd [0]. it's against an ancient version of freebsd (5.3), so it may
> not affect newer versions.  i don't have time to verify whether any of
> the claims actually affect the debian kfreebsd.  i would suggest
> discussing this with upstream.
>
> [0] http://www.exploit-db.com/exploits/16119/

The description clearly references to FreeBSD-SA-05:02.sendfile [1],
It is fixed in 5.4 and later releases.

Petr

[1] http://security.freebsd.org/advisories/FreeBSD-SA-05:02.sendfile.asc




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 14 Mar 2011 07:32:57 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 03:42:37 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.