Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

NetBSD Security Note 2011-1: FreeBSD SA 2011-11 does NOT apply to NetBSD



The FreeBSD team has released a new security advisory, SA-11:05.unix, and
this note is to assure people that NetBSD is not vulnerable to any
attack based on this vulnerability.
 
Further information on the advisory can be found in:

        http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc
 
        II.  Problem Description
 
        When a UNIX-domain socket is attached to a location using the bind(2)
        system call, the length of the provided path is not validated.  Later,
        when this address was returned via other system calls, it is copied into
        a fixed-length buffer.

        III. Impact 
 
        A local user can cause the FreeBSD kernel to panic.  It may also be
        possible to execute code with elevated privileges ("gain root"), escape
        from a jail, or to bypass security mechanisms in other ways.
 
As an indication of our commitment to ongoing testing and security
awareness, Christos Zoulas has added a test to the NetBSD regression
test suite to test for error conditions, and ensure no regressions
could occur: 
 
        http://mail-index.netbsd.org/source-changes/2011/09/28/msg027654.html

Christos confirmed that NetBSD is not vulnerable to this problem: NetBSD
can create paths up to (and including) 253 characters long. Attempts to
create paths containing 254 chars will fail. accept(2) will only return
paths up to (and including) 104 characters, to avoid buffer overflows in
existing code.
 
 
Regards, 
Alistair 
--
Alistair Crooks 
security-officer%NetBSD.org@localhost

Attachment: pgpTfVK2de_7a.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index