I must say that I gasped and had to wipe sweat from my forehead when I read, tested and could confirm this exploit. The OpenBSD-team has known about this for -6- days (15th of June), and they haven't been able to come up with atleast a temporary fix? I can't find anything on errdata / security warnings, what's up with that? Andreas Haugsnes On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote: > Georgi Guninski security advisory #47, 2001 > > OpenBSD 2.9,2.8 local root compromise > > Systems affected: > OpenBSD 2.9,2.8 > Have not tested on other OSes but they may be vulnerable > Vendor status: > OpenBSD was informed on 9 June 2001.
- OpenBSD 2.9,2.8 local root compromise Georgi Guninski
- Re: OpenBSD 2.9,2.8 local root compromise Przemyslaw Frasunek
- Re: OpenBSD 2.9,2.8 local root compromise Jason R Thorpe
- Re: OpenBSD 2.9,2.8 local root compromise Andreas Haugsnes
- Re: OpenBSD 2.9,2.8 local root compromise Rick Updegrove
- Re: OpenBSD 2.9,2.8 local root compromise Georgi Guninski
- Re: OpenBSD 2.9,2.8 local root compromise dmuz
- Re: OpenBSD 2.9,2.8 local root compromise Andreas Haugsnes
- Re: OpenBSD 2.9,2.8 local root compromise Tony Lambiris
- Re: OpenBSD 2.9,2.8 local root compromise Peter van Dijk
- Re: OpenBSD 2.9,2.8 local root compromise Jason R Thorpe
- Re: OpenBSD 2.9,2.8 local root compromise jon
- RE: OpenBSD 2.9,2.8 local root compromise Brian McKinney