Upcoming FreeBSD Security Advisory

Jan Muenther jan.muenther at nruns.com
Tue Dec 1 12:06:44 UTC 2009


Hi,
> I am new to patching systems, so forgive "stupid" questions. We have some 6.1
> systems. Are or will there be a patch for them or are they not involved in
> this problem?
>
> I am new to patching systems, so forgive me any stupid questions. We have some
> 6.1 and 6.3 systems. Are or will there be patches for them or are they not
> involved in this problem?
>
> How do I apply such a patch? With freebsd-update? As far as I know, this
> tool is only for systems >= 6.3, or?
>   
Patches are patches for the source code, so you'll have to apply them
with the patch(1) program and then re-compile.
I'd be greatly surprised if the affected code looked different in 6.x.

The bug itself is fairly interesting actually, if only for the reason
that it displays what can happen if you don't check return values -
other prime examples of this causing security issues that I can think of
off the top of my head are Windows impersonation bugs.

stealth wrote this up:
http://xorl.wordpress.com/2009/12/01/freebsd-ld_preload-security-bypass/

Maybe that sheds some light.

Cheers,
Jan

