List:       openbsd-security-announce
Subject:    errata 005 for OpenBSD 4.2: local users can provoke a kernel panic
From:       Henning Brauer <henning () openbsd ! org>
Date:       2008-01-11 17:05:34
Message-ID: 20080111170534.28718.qmail () nudo ! bsws ! de
[Download RAW message or body]


Summary:
   Improper checks in an ioctl can lead to a kernel panic.

Details:
    recently added calls to rtlabel_id2name() for "ifconfig rtlabel" 
    did not properly check the return value before using it.
    rtlabel_id2name can return NULL if there is no label assigned
    or the ID is invalid.

Impact:
    local users can cause a kernel panic by using the SIOCGIFRTLABEL
    ioctl on interfaces with no route label assigned.
    ifconfig does not use that ioctl.

Workaround:
    none

Fix:
    A fix has been committed to OpenBSD-current and the OpenBSD 4.2-stable
    branch.
    A patch for OpenBSD 4.2 will appear at the URL below shortly.

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/005_ifrtlabel.patch

    Older OpenBSD versions are not affected.

Credits:
    The bug was found by Chris Cappuccio who also provided an initial 
    fix.  The final fix was done by Henning Brauer.

[Attachment #3 (application/pgp-signature)]


Configure | About | News | Add a list | Sponsored by KoreLogic