H0XH4

FreeBSD update & portsnap backdoors that haven't been fixed

Oct 6th, 2016
There are five independent attacks, any one of which can be used in isolation to compromise a system. After five months, 10.x-RELEASE users are still vulnerable to all five:

1. portsnap because of flawed signature checking (gunzip-related).

2. portsnap because of an easily achievable file-prediction attack.

3. portsnap because of decompression-unrelated libarchive vulnerabilities, with each libarchive vulnerability also being independent.

4. portsnap because of bspatch vulnerabilities, with each attack path being independent and with only one path patched for 10.x-RELEASE users, who are yet to receive the Capsicum + other fixes.

5. freebsd-update because of bspatch vulnerabilities, with each attack path being independent and with only one path patched for 10.x-RELEASE users, who are yet to receive the Capsicum + other fixes.

Regarding #3, libarchive upstream has fixes available, and Red Hat has already protected its users -- FreeBSD has not. Regarding #1, #2, #4, and #5, some low-effort fixes have trickled out in FreeBSD in recent weeks, which makes one wonder what has been happening for the last five months and why these fixes haven't been issued to 10.x-RELEASE users.

In the recent OpenSSL advisory, FreeBSD told its users to run the vulnerable freebsd-update, even after a prior Core announcement apologizing for giving such reckless advice for the incomplete bspatch advisory. (The Core announcement also described man-in-the-middle attacks as "theoretical," a security posture that may explain the apathy.)

So it turns out that freebsd-update and portsnap were written by the FreeBSD security team itself. Combined with their reluctance to fix these issues, can you say backdoors?

EDIT: I found the link for the leaked vulns+exploits: https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f