[UNIX] FreeBSD Local Integer Overflow (i386_set_ldt)
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 26 Sep 2006 13:32:00 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
FreeBSD Local Integer Overflow (i386_set_ldt)
<http://www.FreeBSD.org/> FreeBSD is a modern operating system for x86,
amd64, Alpha, IA-64, PC-98 and SPARC architectures. It's based on the UNIX
operating system, BSD, which was created at the University of California,
A vulnerability in FreeBSD could allow denial of service and potentially
arbitrary code execution.
* FreeBSD version 5.5 (earlier versions suspected)
Local exploitation of a input validation error in the FreeBSD Project's
i386_set_ldt() kernel implementation could allow attackers to create a
kernel panic, leading to a denial of service condition on the affected
Exploitation of this vulnerability would result in a denial of service
condition on the affected host. There is a potential for arbitrary code
execution in kernel context due to the way this function manipulates
kernel heap memory.
"It appears that the problem you have discovered was fixed in revision
1.96 of src/sys/i386/i386/sys_machdep.c on March 23, 2005, after being
found by the Coverity Prevent analysis tool; the commit message at the
time documented this as a local denial of service bug.
The policy of the FreeBSD Security Team is that local denial of service
bugs not be treated as security issues; it is possible that this problem
will be corrected in a future Erratum."
* 08/16/2006 - Initial vendor notification
* 08/16/2006 - Initial vendor response
* 09/23/2006 - Public disclosure
The information has been provided by iDefense.
The original article can be found at:
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [UNIX] Sun Secure Global Desktop Multiple Vulnerabilities
- Next by Date: [REVS] Access over Ethernet: Insecurities in AoE
- Previous by thread: [UNIX] Sun Secure Global Desktop Multiple Vulnerabilities
- Next by thread: [REVS] Access over Ethernet: Insecurities in AoE