| From | Sent On | Attachments |
|---|---|---|
| Oleg Shevtsov | Jan 20, 2003 2:13 am | |
| zhuravlev alexander | Jan 20, 2003 2:22 am | |
| Olafur Osvaldsson | Jan 20, 2003 2:22 am | |
| Oleg Shevtsov | Jan 20, 2003 2:36 am | |
| Peter Elsner | Jan 20, 2003 5:59 am | |
| David Bell | Jan 20, 2003 6:21 am | |
| Crist J. Clark | Jan 20, 2003 1:39 pm | |
| David Schultz | Jan 20, 2003 2:55 pm | |
| Anthony Schneider | Jan 20, 2003 3:51 pm | |
| Crist J. Clark | Jan 20, 2003 4:24 pm | |
| David Schultz | Jan 20, 2003 4:50 pm | |
| Anthony Schneider | Jan 20, 2003 5:40 pm | |
| Gaspar Chilingarov | Mar 6, 2003 3:52 am | |

| Subject: | Re: Vulnerability Note VU#412115 | |
|---|---|---|
| From: | Crist J. Clark (cris...@attbi.com) | |
| Date: | Jan 20, 2003 1:39:08 pm | |
| List: | org.freebsd.freebsd-security | |

On Mon, Jan 20, 2003 at 09:21:38AM -0500, David Bell wrote:

> Is FreeBSD vulnerable to the following, and if so is it being addressed?

Yes, many FreeBSD network drivers display this behavior. If you followed any of the later discussion by the authors on several mailing lists, FreeBSD was one of many OSes on which they duplicated the problem.

As for whether the "vulnerability" is being addressed, this issue has been known about for a long, long time, but has never been regarded as a priority. The real security exposure here is quite small. The cost of potentially breaking stuff and hurting performance has never been seen to be worth the effort of a sweep. I personally am not aware of a concerted effort to go through all of the Ethernet drivers to zero out extra memory, but someone may be doing it... It's a bit of a PITA and there is not a whole lot the Project can do about binary-only drivers supplied by some vendors.

--
Crist J. Clark | cjcl...@alum.mit.edu | cjcl...@jhu.edu
http://people.freebsd.org/~cjc/ | cj...@freebsd.org
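The "zero out extra memory" fix mentioned in the message above, sketched as an added example that is not part of the original post and is not FreeBSD driver code. It assumes the behaviour in question is a driver padding short Ethernet frames up to the minimum length from a reused transmit buffer; all function names and the sample frames are hypothetical and constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_MIN_NOFCS 60 /* minimum Ethernet frame length without the 4-byte FCS */

/* Before: only the length is raised, so the pad is stale buffer content. */
size_t tx_prepare_leaky(uint8_t *txbuf, const uint8_t *frame, size_t len)
{
    memcpy(txbuf, frame, len);
    return len < ETH_MIN_NOFCS ? ETH_MIN_NOFCS : len;
}

/* After: the pad region is explicitly zeroed before the length is raised. */
size_t tx_prepare_zeroed(uint8_t *txbuf, const uint8_t *frame, size_t len)
{
    memcpy(txbuf, frame, len);
    if (len < ETH_MIN_NOFCS) {
        memset(txbuf + len, 0, ETH_MIN_NOFCS - len);
        len = ETH_MIN_NOFCS;
    }
    return len;
}

/* Audit check: count pad bytes on the wire that are not zero. */
size_t nonzero_pad_bytes(const uint8_t *wire, size_t wire_len, size_t data_len)
{
    size_t n = 0;
    for (size_t i = data_len; i < wire_len; i++)
        n += (wire[i] != 0);
    return n;
}

/* Constructed scenario: a 100-byte frame, then a 42-byte frame, same buffer. */
size_t demo_stale_pad(int zeroed)
{
    uint8_t txbuf[128] = {0}, big[100], small[42];
    memset(big, 0x41, sizeof big);     /* stands in for earlier traffic */
    memset(small, 0x11, sizeof small); /* stands in for a short frame */
    tx_prepare_leaky(txbuf, big, sizeof big);
    size_t n = zeroed ? tx_prepare_zeroed(txbuf, small, sizeof small)
                      : tx_prepare_leaky(txbuf, small, sizeof small);
    return nonzero_pad_bytes(txbuf, n, sizeof small);
}

int main(void)
{
    printf("stale pad bytes: before=%zu after=%zu\n", demo_stale_pad(0), demo_stale_pad(1));
    return 0;
}
```

The same `nonzero_pad_bytes` check can be applied to captured short frames when auditing a driver whose source is not available.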