FreeBSD UFS "vulnerability": Is NIST off its medication, or am I
missing something?
Bill Moran
wmoran at collaborativefusion.com
Tue Nov 14 01:13:08 UTC 2006
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5824
Following the links around, it seems that you would have to mount a "corrupt" or
"malicious" filesystem in order to exploit this "vulnerability".
Yes, NIST claims there is no authentication required to exploit? Are new versions
of FreeBSD suddenly allowing unauthenticated users to mount filesystems by default?
If so, something's wrong with my 6.1 workstation!
It seems like this is the 2nd or 3rd "vulnerability" I've seen that's been blown
out of proportion by NIST, or am I missing something?
More information about the freebsd-questions
mailing list