Slashdot Mirror

← Back to Stories (view on slashdot.org)

FreeBSD security Advisories: FreeBSD-SA-03:09.sign

Posted by Hemos on from the alert-alert-alert dept.

Dan writes "FreeBSD security team has released two new advisories. The first advisory entitled "Insufficient range checking of signal numbers" could allow a malicious local user to use this vulnerability as a local denial-of-service attack. The second advisory "Kernel memory disclosure via ibcs2" could allow a malicious user to call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory containing sensitive information."

5 of 78 comments (clear)

  1. sensitive information by patch-rustem · · Score: 5, Funny
    ... to return a large portion of kernel memory containing sensitive information.

    What, like the sys admins porn collection.

    --
    Karma: Bad due to google bombing - Robert Watkins woz 'ere.
  2. Bias in topic titles?? Never!! by Anonymous Coward · · Score: 5, Funny

    It's sort of interesting that this FreeBSD vulnerability is headlined with such a cryptic title. Now, if it were a vulnerability in Windows, it would probably have been titled 'New Windows Exploit crushes small furry animals mercilessly.'

  3. hot mail security flaw I knew it! by ratfynk · · Score: 2, Funny

    Hmmm so let me get this straight, security flaw 2 send lots of requests to the hot mail server and get lots of core info back. So thats why Hot Mail works the way it does and all we get is spam!

    --
    OH THE SHAME I fell off the wagon and use sigs again!
  4. Re:freebsd-security mailing list by Anonymous Coward · · Score: 3, Funny

    Why is it that a FreeBSD SA makes it to this site and Linux SAs don't?

    Because if they reported the Linux SAs, even the SCO stories would be lost the the tidal wave.

  5. Linux is dying by cozman69 · · Score: 1, Funny

    Linux is dead. Long live BSD.