The FreeBSD team has released a new security advisory, SA-11:05.unix, and this note is to assure people that NetBSD is not vulnerable to any attack based on this vulnerability. Further information on the advisory can be found in: http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc II. Problem Description When a UNIX-domain socket is attached to a location using the bind(2) system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. III. Impact A local user can cause the FreeBSD kernel to panic. It may also be possible to execute code with elevated privileges ("gain root"), escape from a jail, or to bypass security mechanisms in other ways. As an indication of our commitment to ongoing testing and security awareness, Christos Zoulas has added a test to the NetBSD regression test suite to test for error conditions, and ensure no regressions could occur: http://mail-index.netbsd.org/source-changes/2011/09/28/msg027654.html Christos confirmed that NetBSD is not vulnerable to this problem: NetBSD can create paths up to (and including) 253 characters long. Attempts to create paths containing 254 chars will fail. accept(2) will only return paths up to (and including) 104 characters, to avoid buffer overflows in existing code. Regards, Alistair -- Alistair Crooks security-officer%NetBSD.org@localhost
Attachment:
pgpTfVK2de_7a.pgp
Description: PGP signature