tech-security: Re: vvopenbsd.c exploit for kern

Subject: Re: vvopenbsd.c exploit for kern_exec.c
To: Jeremy C. Reed <reed@reedmedia.net>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-security
Date: 06/15/2001 13:43:33

On Fri, Jun 15, 2001 at 01:36:36PM -0700, Jeremy C. Reed wrote:

 > Can anyone confirm if this problem exists in NetBSD?

The problem did exist in NetBSD, and I committed a fix this morning.
I wrote the security advisory a little while ago, and it should be
out soon.

 > The exploit uses su -- is this exploit doable for users not in the wheel
 > group?

Yes.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>