|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
FreeBSD Information for VU#369427
| Date Notified: | 2000-10-23 |
| Date Updated: | |
| Statement Date: | |
| Status Summary: | Vulnerable |
Vendor StatementFreeBSD was also vulnerable to this problem since the affected code has a common ancestor. Like OpenBSD, we fixed the problem during security auditing in 2000/07, but did not realise it to be a security vulnerability since the function is not part of a library on FreeBSD, but the source code file containing the function is included directly in the affected setuid programs. FreeBSD 3.5.1 and 4.0 are the most recent affected versions - 4.1 and 4.1.1 are unaffected.
An advisory is under preparation and will likely be released on 2000/10/30.
KrisVendor InformationThe vendor has not provided us with any further information regarding this vulnerability.
AddendumThe CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |