Date: Fri, 7 Sep 2001 17:10:16 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Rob Simmons <rsimmons@wlcg.com>, freebsd-security@FreeBSD.ORG
Subject: Re: netbsd vulnerabilities
Message-ID: <Pine.NEB.3.96L.1010907165248.861B-100000@fledge.watson.org>
In-Reply-To: <20010907134427.A55600@xor.obsecurity.org>

On Fri, 7 Sep 2001, Kris Kennaway wrote:
:
:I don't know about this one.. we may be.  Someone will have to look
:into it.

In terms of -015 vuln from netbsd:

1) semop: -STABLE (44-RC from 8/28/01) seems to be vulnerable.  If we look
at sys/kern/sysv_sem.c, we can see that we do:

	int
	semop(p, uap)
		struct proc *p;
		register struct semop_args *uap;
	{
		int semid = uap->semid;
		int nsops = uap->nsops;

nsops, defined from the man page and sysproto.h semop_args structure, is
_unsigned_.  So, I'd say we are vulnerable to #1.

Solution: make the local nsops variable unsigned (size_t might be better?)

2) still need to look into, will follow-up if no one else has when I look
into it

3) same as 2

hope this helps.

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
|  to undertake the analysis of the obvious" -- A.N. Whitehead
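Added example, not part of the original message and not FreeBSD source: a user-space model of the signed/unsigned mismatch described in item 1, with the signed local beside the unsigned fix the message proposes. The struct names, the MAX_SOPS value, the limit check and the length computation are assumptions made for illustration; the message itself shows only the two local declarations.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_SOPS 100   /* constructed per-call limit for this model */

/* Hypothetical stand-ins for the kernel types; not FreeBSD's definitions. */
struct sembuf_model { unsigned short sem_num; short sem_op; short sem_flg; };
struct semop_args_model { int semid; unsigned int nsops; };

/* Signed local, as in the quoted semop(): returns 0 and sets *len when the
 * count passes the (assumed) limit check, -1 when it is rejected. */
int check_signed(const struct semop_args_model *uap, size_t *len)
{
    int nsops = (int)uap->nsops;      /* UINT_MAX becomes -1 on two's complement */
    if (nsops > MAX_SOPS)             /* -1 > 100 is false, so the check passes */
        return -1;
    *len = (size_t)nsops * sizeof(struct sembuf_model);  /* wraps to a huge size */
    return 0;
}

/* The fix proposed in the message: keep the local unsigned. */
int check_unsigned(const struct semop_args_model *uap, size_t *len)
{
    unsigned int nsops = uap->nsops;
    if (nsops > (unsigned int)MAX_SOPS)
        return -1;
    *len = (size_t)nsops * sizeof(struct sembuf_model);
    return 0;
}

int main(void)
{
    struct semop_args_model uap = { 0, UINT_MAX };   /* constructed input */
    size_t len = 0;
    int rc = check_signed(&uap, &len);
    printf("signed:   rc=%d len=%zu\n", rc, len);
    len = 0;
    rc = check_unsigned(&uap, &len);
    printf("unsigned: rc=%d len=%zu\n", rc, len);
    return 0;
}
```

Building kernel and driver code with -Wsign-conversion (GCC and Clang) reports the implicit unsigned-to-int assignment that the quoted declaration performs.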