iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

Colin Percival cperciva at
Tue Oct 10 15:59:29 PDT 2006

Bill Moran wrote:
> This report seems pretty vague.  I'm unsure as to whether the alleged
> "bug" gives the user any more permissions than he'd already have?  Anyone
> know any details?

This is a local denial of service bug, which was fixed 6 weeks ago in HEAD
and RELENG_6.  There is no opportunity for either remote denial of service
or any privilege escalation.

> "The policy of the FreeBSD Security Team is that local denial of service
> bugs not be treated as security issues; it is possible that this problem
> will be corrected in a future Erratum."

If there was any potential for
(a) privilege escalation,
(b) disclosure of potentially sensitive information, or
(c) denial of service by a non-authenticated attacker,
we would have issued a security advisory.

Colin Percival

More information about the freebsd-questions mailing list