From: David Bell (db_at_borderware.com)
Date: Tue Jan 21 2003 - 06:34:48 CST
Crist J. Clark wrote:
>On Mon, Jan 20, 2003 at 09:21:38AM -0500, David Bell wrote:
>
>>Is FreeBSD vulnerable to the following, and if so is it being addressed?
>>
>>http://www.kb.cert.org/vuls/id/412115
>>
>
>Yes, many FreeBSD network drivers display this behavior. If you
>followed any of the later discussion by the authors on several mailing
>lists, FreeBSD was one of many OSes on which they duplicated the
>problem.
>
>As for whether the "vulnerability" is being addressed, this issue has
>been known about for a long, long time, but has never been regarded as
>a priority. The real security exposure here is quite small. The
>cost of potentially breaking stuff and hurting performance has never
>been seen to be worth the effort of a sweep. I personally am not aware
>of a concerted effort to go through all of the Ethernet drivers to
>zero out extra memory, but someone may be doing it... It's a bit of a
>PITA and there is not a whole lot the Project can do about binary-only
>drivers supplied by some vendors.
>
It may be quite small; however, image-wise it is not good IMHO that
FreeBSD is not doing anything to respond to this, or at least have some
sort of official statement.
You say many device drivers display this behavior; can you be more
specific? Or tell me which ones do not display the behavior?
Thanks,
~David Bell
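
Added example, not part of the original thread: one way to check whether a given interface zeroes its padding is to inspect frames it sent, as captured on another host. It assumes the behavior in the CERT note is short Ethernet frames padded with leftover memory rather than zeros, and that captures are untagged Ethernet II/IPv4 with the FCS stripped; `check_frame_padding`, `build_sample` and the result codes are names made up for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN  14      /* dst MAC + src MAC + EtherType */
#define ETHERTYPE_IP 0x0800
enum pad_result { PAD_UNPARSED = -1, PAD_NONE, PAD_ZEROED, PAD_NONZERO }; /* example's own names */

/* Bytes after the end of the IPv4 datagram are link-layer padding; a driver that zeroes it leaves them 0. */
enum pad_result check_frame_padding(const uint8_t *frame, size_t len)
{
    if (len < ETH_HDR_LEN + 20)
        return PAD_UNPARSED;
    unsigned ethertype = ((unsigned)frame[12] << 8) | frame[13];
    if (ethertype != ETHERTYPE_IP || (frame[ETH_HDR_LEN] >> 4) != 4)
        return PAD_UNPARSED;
    size_t ip_len = ((size_t)frame[ETH_HDR_LEN + 2] << 8) | frame[ETH_HDR_LEN + 3];
    size_t end = ETH_HDR_LEN + ip_len;
    if (ip_len < 20 || end > len)
        return PAD_UNPARSED;              /* malformed or truncated capture */
    if (end == len)
        return PAD_NONE;                  /* datagram fills the frame */
    for (size_t i = end; i < len; i++)
        if (frame[i] != 0)
            return PAD_NONZERO;           /* padding carries leftover bytes */
    return PAD_ZEROED;
}

/* Constructed sample: 60-byte frame, 28-byte IPv4 datagram, final 18 bytes of padding set to pad_byte. */
void build_sample(uint8_t out[60], uint8_t pad_byte)
{
    memset(out, 0, 60);
    out[12] = 0x08; out[13] = 0x00;       /* EtherType: IPv4 */
    out[14] = 0x45;                       /* version 4, header length 5 words */
    out[17] = 28;                         /* IP total length (low byte) */
    memset(out + ETH_HDR_LEN + 28, pad_byte, 60 - ETH_HDR_LEN - 28);
}

int main(void)
{
    uint8_t f[60];
    build_sample(f, 0x00);
    printf("zeroed padding   -> %d\n", check_frame_padding(f, sizeof f));
    build_sample(f, 0xAA);
    printf("non-zero padding -> %d\n", check_frame_padding(f, sizeof f));
    return 0;
}
```

Padding is applied on transmit, so frames captured on the sending host itself may not show it; small packets such as an ICMP echo with no payload are the ones short enough to be padded.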