|
Multiple Vendor BSD /proc File Sytem Vulnerability
Solution: OpenBSD has the following patch available: http://www.openbsd.org/errata.html#procfs FreeBSD has the following patch available: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:02/procfs.patch From the NetBSD advisory: A patch is available for NetBSD 1.4.1, that revokes all vnodes referring to procfs files when a process is about to execute a setuid or setgid binary. It is located at: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000130-procfs NetBSD-current since 20000126 is not vulnerable. Users of NetBSD-current should upgrade to a source tree later than 20000126 |
|
|
Privacy Statement |
