Slashdot Mirror

← Back to Stories (view on slashdot.org)

FreeBSD security Advisories: FreeBSD-SA-03:09.sign

Posted by Hemos on from the alert-alert-alert dept.

Dan writes "FreeBSD security team has released two new advisories. The first advisory entitled "Insufficient range checking of signal numbers" could allow a malicious local user to use this vulnerability as a local denial-of-service attack. The second advisory "Kernel memory disclosure via ibcs2" could allow a malicious user to call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory containing sensitive information."

3 of 78 comments (clear)

  1. Here's the text in case it gets /.'ed by DrSkwid · · Score: 4, Informative

    nah, who am I kidding

    the signal thing is more than a D.O.S. though

    However, in FreeBSD 5.x, the assertion code is not present if the
    `INVARIANTS' kernel option is not used. In FreeBSD 5.0-RELEASE and
    5.1-RELEASE, `INVARIANTS' is not enabled by default. In this
    configuration, a malicious local user could use this vulnerability
    to modify kernel memory, potentially leading to complete system
    compromise. (FreeBSD 4.x is not vulnerable in this way.)

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  2. Binary patches... by cperciva · · Score: 3, Informative

    Binary patches aren't available for these advisories yet, but they will be soon (ETA 12 hours?)

    See my sig for details.

    --
    Tarsnap: Online backups for the truly paranoid
  3. Re:Malloc(sizeof(ram.total) - sizeof(ram.used)); by ffsnjb · · Score: 4, Informative

    uncomment the
    NO_MODULES= true # do not build modules with the kernel

    line in /etc/make.conf

    I don't build modules on my production machines, there is no need. This prevents that.

    --
    "Why do you consent to live in ignorance and fear?" - Bad Religion