Date: Mon, 23 Nov 2009 11:52:20 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/compat/pecoff imgact_pecoff.c Message-ID: <200911231152.nANBqe4x072237@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
bz 2009-11-23 11:52:20 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_6)
sys/compat/pecoff imgact_pecoff.c
Log:
SVN rev 199712 on 2009-11-23 11:52:20Z by bz
MF7 r199330:
Note: this change was never in head; thus directly merged from stable/7.
As we pass the 'offset' unvalidated to vn_rdwr() make sure
that it is unsigned rather than possibly set to something negative
by a malicious binary.
This is just the immediate fix to the problem mentioned in
PR kern/80742 and by http://milw0rm.com/exploits/9206 but does
not fix all possible problems imgact_pecoff has.
As this feature does not work and is not compiled in by default,
the security team considers this vulnerability to be of low risk
to the user population and will not be issuing an advisory.
PR: kern/80742
Reported by: Oliver Pinter (oliver.pntr gmail.com) via freebsd-security
Help reproducing and testing by: Damian Weber (dweber htw-saarland.de)
Revision Changes Path
1.39.2.1 +3 -3 src/sys/compat/pecoff/imgact_pecoff.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911231152.nANBqe4x072237>