Bug#391289: kfreebsd-5: several security issues in freebsd
On Thu, Oct 05, 2006 at 10:07:33PM +0200, Stefan Fritsch wrote:
> CVE-2006-4178:
>
> Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and
> possibly earlier versions down to 5.2, allows local users to cause a
> denial of service (crash) via unspecified arguments that use negative
> signed integers to cause the bzero function to be called with a large
> length parameter, a different vulnerability than CVE-2006-4172.
>
> CVE-2006-4172:
>
> Integer overflow vulnerability in the i386_set_ldt call in FreeBSD
> 5.5, and possibly earlier versions down to 5.2, allows local users to
> cause a denial of service (crash) and possibly execute arbitrary code
> via unspecified vectors, a different vulnerability than CVE-2006-4178.
Both of this CVE have no patches. The answer of the FreeBSD security
team is the following:
"The policy of the FreeBSD Security Team is to not issue security
advisories for local denial of service attacks; since we have not been
able to demonstrate that this bug can result in anything more severe
than a denial of service, we will not be issuing a security advisory
relating to this problem.
It is possible that an Errata Notice will be issued concerning this
problem."
So patches are welcome.
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net
Reply to: