Subject: [Security Fix] ptrace insufficient bounds checking
To: None <firstname.lastname@example.org>
From: Adrian Portelli <adrianp@NetBSD.org>
Date: 11/10/2006 00:11:58
-----BEGIN PGP SIGNED MESSAGE-----
The NetBSD Security Officer team recently became aware of a security
issue due to the insufficient bounds checking of a userspace parameter
supplied to the ptrace(2) call specifically in relation to a
This vulnerability does not exist in the NetBSD 2.x, or 3.x code
bases. However, NetBSD-current was found to be vulnerable to this issue.
This issue was fixed in the NetBSD CVS tree on the 28th of October 2006.
Users currently running NetBSD-current are advised to update:
src/sys/kern/sys_process.c to version 1.112
To update from CVS, re-build, and re-install the kernel:
# cd src
# cvs update -d -P sys/kern/sys_process.c
# ./build.sh kernel=KERNCONF
# mv /netbsd /netbsd.old
# cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd
# shutdown -r now
For more information on how to do this, see:
Neil for informing us of the issue.
Christos Zoulas for the fix in NetBSD-current.
On behalf of security-officer@,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (NetBSD)
-----END PGP SIGNATURE-----