Release date: 2010-09-08
Updated on: 2010-09-09
Affected Systems:
FreeBSD 7.2
FreeBSD 7.1
FreeBSD 7.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 43060
FreeBSD is an open-source Unix system that runs on the Intel Platform and can be freely used.
From FreeBSD 5.0 onwards, the system supports POSIX extension attributes and allows the storage of file-related metadata. One file system that supports extension attributes is pseudo. Because of the pseudo call to pfs_unlock () in pfs_getattr (), a null pointer may be referenced after the extattr_get_attribute () call to the pseudo DOFs vnode. By allocating the memory page at the 0x0 address, attackers can overwrite any kernel memory, resulting in crash or root privilege elevation.
<* Source: Przemyslaw Frasunek (venglin@freebsd.lublin.pl)
Link: http://marc.info /? L = full-disclosure & m = 128395547127046 & w = 2
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
FreeBSD
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://svn.freebsd.org/viewvc/base? View = revision & revision = 196689