Bug#645377: kfreebsd-8: Buffer overflow in handling of UNIX socket addresses

To: submit@bugs.debian.org
Subject: Bug#645377: kfreebsd-8: Buffer overflow in handling of UNIX socket addresses
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sat, 15 Oct 2011 00:10:32 -0400
Message-id: <[🔎] 20111015001032.019d32c30b117e74e4e4f5fa@gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 645377@bugs.debian.org

package: kfreebsd-8
version: 8.1
severity: serious
tag: security , patch

A buffer overflow issue in kfreebsd has been disclosed [0] along with a
poc [1]. patch is available [2].

I've only checked the kfreebsd-8 source, but the description says -7 is
affected, and 9- and higher may be as well; I haven't checked those.

Best wishes,
Mike

[0] http://www.securityfocus.com/archive/1/519864/30/0/threaded
[1] http://www.exploit-db.com/exploits/17908/
[2] http://security.freebsd.org/patches/SA-11:05/unix.patch

Reply to:

Follow-Ups:
- Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Please test zfsutils 9.0~svn226163-1
Next by Date: Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
Previous by thread: kFreeBSD 8.2 built with GCC 4.5 (please test)
Next by thread: Bug#645377: marked as done (kfreebsd-8: Buffer overflow in handling of UNIX socket addresses)
Index(es):
- Date
- Thread