[UNIX] NetBSD Kernel swapctl(2) DoS Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 06/17/04

  • Next message: SecuriTeam: "[NEWS] Web Wiz Forums Registration Rules XSS Vulnerability" 
    To: list@securiteam.com
Date: 17 Jun 2004 20:32:36 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      NetBSD Kernel swapctl(2) DoS Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    There exists a integer handling vulnerability in NetBSD swapctl(2) system
    call used to manage the server's swap file. It seems that this
    vulnerability cannot be exploited to gain super-user privilegies, but any
    local attacker can crash the kernel.

    DETAILS

    Vulnerable Systems:
     * NetBSD version 1.6
     * NetBSD version 1.6.1
     * NetBSD version 1.6.2

    Patch:
    A patch is available via CVS:
    <http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/uvm/uvm_swap.c.diff?r1=1.85&r2=1.85.2.1> http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/uvm/uvm_swap.c.diff?r1=1.85&r2=1.85.2.1.

    ADDITIONAL INFORMATION

    The information has been provided by Evgeny Demidov.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NEWS] Web Wiz Forums Registration Rules XSS Vulnerability"

    Relevant Pages

    • [UNIX] NetBSD Binary Compatibility Code Insufficient Argument Validation
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... * NetBSD version 1.6.x ... Kernel syscall implementations must perform appropriate sanity checks on ... foreign OS -> NetBSD translation function, ...
      (Securiteam)
    • [NT] Borland Products idsql32.dll Buffer Overflow Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Borland Products idsql32.dll Buffer Overflow Vulnerability ... processing SQL statements using the "DbiQExec" function. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [UNIX] phpBB Modified By Przemo Arbitary Code Execution
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A directory traversal vulnerability and insecure file inclusion ... script that contains arbitrary code. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [EXPL] phpStat Authentication Bypass Vulnerability (Exploit, Setup.PHP)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... phpStat is vulnerable to an authentication bypass vulnerability, ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [EXPL] Security vulnerability in SUNs Java Virtual Machine Implementation (Test)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vulnerability in SUN's Java Virtual Machine Implementation ('/' Replaces ... The following applet tests for this vulnerability: ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)