
List:       openbsd-security-announce
Subject:    procfs vulnerability
From:       Ted Unangst <tedu () zeitbombe ! org>
Date:       2004-05-13 8:08:48
Message-ID: Pine.BSO.4.58.0405122052400.18115 () af ! pbqrshfvbavf ! pbz

Incorrect bounds checking in several procfs functions could allow an 
unprivileged malicious user to read arbitrary kernel memory, with the 
potential to use this information to escalate privilege.  OpenBSD does not 
mount the proc filesystem by default, and we continue to recommend against 
its use.

The cvs -stable branches have been updated to contain a fix, which is also 
available in patch form for 3.4 and 3.5.

Credit goes to Deprotect Advisories <advisories@deprotect.com> for 
identification of the bug.

Patches:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch


-- 
desire is not an occupation
