Bug#391289: kfreebsd-5: several security issues in freebsd

[Aurelien Jarno <aurelien@aurel32.net>]

On Thu, Oct 05, 2006 at 10:07:33PM +0200, Stefan Fritsch wrote:
> CVE-2006-4178:
> 
> Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and
> possibly earlier versions down to 5.2, allows local users to cause a
> denial of service (crash) via unspecified arguments that use negative
> signed integers to cause the bzero function to be called with a large
> length parameter, a different vulnerability than CVE-2006-4172.
> 
> CVE-2006-4172:
> 
> Integer overflow vulnerability in the i386_set_ldt call in FreeBSD
> 5.5, and possibly earlier versions down to 5.2, allows local users to
> cause a denial of service (crash) and possibly execute arbitrary code
> via unspecified vectors, a different vulnerability than CVE-2006-4178.

Both of this CVE have no patches. The answer of the FreeBSD security
team is the following:

"The policy of the FreeBSD Security Team is to not issue security
advisories for local denial of service attacks; since we have not been
able to demonstrate that this bug can result in anything more severe
than a denial of service, we will not be issuing a security advisory
relating to this problem.

It is possible that an Errata Notice will be issued concerning this
problem."


So patches are welcome. 

-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net