FreeBSD security Advisories: FreeBSD-SA-03:09.sign

Dan writes "FreeBSD security team has released two new advisories. The first advisory entitled "Insufficient range checking of signal numbers" could allow a malicious local user to use this vulnerability as a local denial-of-service attack. The second advisory "Kernel memory disclosure via ibcs2" could allow a malicious user to call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory containing sensitive information."

Here's the text in case it gets /.'ed

[DrSkwid]

nah, who am I kidding

the signal thing is more than a D.O.S. though

However, in FreeBSD 5.x, the assertion code is not present if the
`INVARIANTS' kernel option is not used. In FreeBSD 5.0-RELEASE and
5.1-RELEASE, `INVARIANTS' is not enabled by default. In this
configuration, a malicious local user could use this vulnerability
to modify kernel memory, potentially leading to complete system
compromise. (FreeBSD 4.x is not vulnerable in this way.)

sensitive information

[patch-rustem]

... to return a large portion of kernel memory containing sensitive information.

What, like the sys admins porn collection.

Bias in topic titles?? Never!!

It's sort of interesting that this FreeBSD vulnerability is headlined with such a cryptic title. Now, if it were a vulnerability in Windows, it would probably have been titled 'New Windows Exploit crushes small furry animals mercilessly.'

"Malicious Local User"

[Farley+Mullet]

If someone malicious has access to your computer, bad things can happen. It's good to see that the FreeBSD team is tightening things up, but the bottom line is that if someone has an account on a system and they're determined, they'll find a way to do some damage.

freebsd-security mailing list

[dodell]

Subscribe to this list, and you had this story about 12 hours ago. You also downloaded and updated your src tree and fixed the bug in a matter of a few minutes. Why is it that a FreeBSD SA makes it to this site and Linux SAs don't?

Re:freebsd-security mailing list

[zenyu]

Subscribe to this list, and you had this story about 12 hours ago. You also downloaded and updated your src tree and fixed the bug in a matter of a few minutes. Why is it that a FreeBSD SA makes it to this site and Linux SAs don't?

Prolly cuz the editor and poster were thinking of "only one remote security breach in the default configuration in seven years" OpenBSD. There are local user exploits found all the time in the Linux distros and in the BSDs, when remote vulnerabilities are found in any of them it usually does make it to /.

But yeah, I usually read about and check my system based on security advisories before it ever makes it to slashdot.. prolly everyone else does as well which explains the 12 hour lag.

Re:freebsd-security mailing list

Why is it that a FreeBSD SA makes it to this site and Linux SAs don't?

Because if they reported the Linux SAs, even the SCO stories would be lost the the tidal wave.

Binary patches...

[cperciva]

Binary patches aren't available for these advisories yet, but they will be soon (ETA 12 hours?)

See my sig for details.

Re:Malloc(sizeof(ram.total) - sizeof(ram.used));

[ffsnjb]

uncomment the
NO_MODULES= true # do not build modules with the kernel

line in /etc/make.conf

I don't build modules on my production machines, there is no need. This prevents that.