Subject: NetBSD Security Advisory 2005-008: Heap memory corruption in FreeBSD compat code
To: None <tech-security@NetBSD.org, current-users@NetBSD.org>
From: NetBSD Security-Officer <firstname.lastname@example.org>
Date: 11/08/2005 09:58:10
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2005-008
Topic: Heap memory corruption in FreeBSD compat code
Version: NetBSD-current: source prior to September 13, 2005
NetBSD 2.1: not affected
NetBSD 2.0.3: not affected
NetBSD 2.0.2: affected
NetBSD 2.0: affected
NetBSD 1.6.2: affected
NetBSD 1.6.1: affected
NetBSD 1.6: affected
Severity: local denial of service, local root compromise
Fixed: NetBSD-current: September 13, 2005
NetBSD-3 branch: September 13, 2005
(3.0 will include the fix)
NetBSD-2.0 branch: September 13, 2005
(2.0.3 includes the fix)
NetBSD-2 branch: September 13, 2005
(2.1 includes the fix)
NetBSD-1.6 branch: September 14, 2005
(1.6.3 will include the fix)
Due to insufficient length checking in FreeBSD compatibility code, it is
possible for a user to cause an integer overflow, resulting in a local
denial of service and potentially local root compromise.
Solutions and Workarounds
Kernels with FreeBSD binary emulation are affected, including the
default GENERIC kernel install. There is no workaround for this
issue. Users of affected NetBSD versions are highly recommended to
upgrade their kernel.
The following instructions describe how to upgrade your kernel by updating
your source tree and rebuilding and installing a new version of
Systems running NetBSD of the affected branches, using sources earlier
than the fix date should be upgraded.
The following files need to be updated from CVS:
To update from CVS, re-build, and re-install the kernel:
# cd src
# cvs update -d -P sys/compat/freebsd/freebsd_misc.c
# ./build.sh kernel=GENERIC
# mv /netbsd /netbsd.old
# cp sys/arch/`machine`/compile/obj/GENERIC/netbsd /netbsd
# shutdown -r now
Christer Oeberg discovered and reported this issue.
Christos Zoulas fixed the code.
2005-10-31 Initial release
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.
Copyright 2005, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2005-008.txt,v 1.10 2005/10/31 06:43:09 gendalia Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (NetBSD)
-----END PGP SIGNATURE-----