>> But far as rtld vulnerability, doesn't it require at least a local user account?
No, it requires a script and a kiddie. ;) You'd expect your "index.php" (or similar) files would require a ftp/ssh/telnet connection, but useful "kids" have useful resources 'n which these things are not always required. Anyone can execute any code (apparently) on your machine via the exploit, having anything they want running on your machine, (i.e. that can set their env to whatever they want and get access to your machine pre -p5. Your safest bet especially since you weren't patched to the latest FreeBSD version which includes the rtld patch, is to simply not trust your machine at all; regardless of whether you are patching it now or not. I'd personally save your data, reformat the machine, and reinstall the items you need. ~Cheers This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/emaildisclaimer.aspx for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
