Subject: [Security Fix] ptrace insufficient bounds checking
To: None <current-users@netbsd.org>
From: Adrian Portelli <adrianp@NetBSD.org>
List: current-users
Date: 11/10/2006 00:11:58

Hi,

The NetBSD Security Officer team recently became aware of a security
issue due to the insufficient bounds checking of a userspace parameter
supplied to the ptrace(2) call, specifically in relation to a
PT_DUMPCORE request.

This vulnerability does not exist in the NetBSD 2.x or 3.x code
bases. However, NetBSD-current was found to be vulnerable to this issue.

This issue was fixed in the NetBSD CVS tree on the 28th of October 2006.
Users currently running NetBSD-current are advised to update:

        src/sys/kern/sys_process.c to version 1.112

To update from CVS, re-build, and re-install the kernel:

        # cd src
        # cvs update -d -P sys/kern/sys_process.c
        # ./build.sh kernel=KERNCONF
        # mv /netbsd /netbsd.old
        # cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd
        # shutdown -r now

For more information on how to do this, see:

        http://www.NetBSD.org/guide/en/chap-kernel.html

Thanks To
=========

Neil for informing us of the issue.
Christos Zoulas for the fix in NetBSD-current.


On behalf of security-officer@,

adrian.
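
Added example (not part of the original advisory and not NetBSD's own tooling): a POSIX sh check that the sys_process.c in a source tree is at or past revision 1.112, the fixed version named above, before the kernel is rebuilt. It assumes the file carries the standard $NetBSD$ RCS keyword line; the function names and the two sample keyword lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: is sys_process.c at or past the fixed revision?
FIXED_REV="1.112"   # fixed revision named in the advisory

# Constructed sample keyword lines (dates and author are placeholders).
SAMPLE_OLD='/* $NetBSD: sys_process.c,v 1.111 2006/01/01 00:00:00 example Exp $ */'
SAMPLE_NEW='/* $NetBSD: sys_process.c,v 1.112 2006/01/01 00:00:00 example Exp $ */'

# Print the revision from the first sys_process.c RCS keyword on stdin.
rcs_rev() {
    sed -n 's/.*\$NetBSD: sys_process\.c,v \([0-9][0-9.]*\) .*/\1/p' | head -n 1
}

# 0: trunk revision $1 >= $2; 1: older; 2: not a plain X.Y trunk revision
# (branch revisions such as 1.110.2.1 cannot be ordered against the trunk).
rev_at_least() {
    case "$1" in
        ""|*[!0-9.]*|*.*.*|.*|*.) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    have_major=${1%%.*}; have_minor=${1#*.}
    want_major=${2%%.*}; want_minor=${2#*.}
    if [ "$have_major" -gt "$want_major" ]; then return 0; fi
    if [ "$have_major" -eq "$want_major" ] &&
       [ "$have_minor" -ge "$want_minor" ]; then return 0; fi
    return 1
}

# Read a source file on stdin and report its status against FIXED_REV.
check_sys_process() {
    rev=$(rcs_rev)
    if [ -z "$rev" ]; then
        echo "unknown: no sys_process.c keyword found"; return 2
    fi
    status=0
    rev_at_least "$rev" "$FIXED_REV" || status=$?
    case $status in
        0) echo "ok: $rev" ;;
        1) echo "update needed: $rev is older than $FIXED_REV"; return 1 ;;
        *) echo "unknown: $rev is not a trunk revision"; return 2 ;;
    esac
}

# Usage: sh check.sh src/sys/kern/sys_process.c
if [ $# -gt 0 ]; then check_sys_process < "$1"; fi
```

An exit status of 2 means the revision could not be compared and the file should be inspected by hand.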