Date: Mon, 19 Aug 2002 10:02:13 -0700 From: Alfred Perlstein <bright@mu.org> To: Brad Laue <brad@brad-x.com> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error Message-ID: <20020819170213.GE75574@elvis.mu.org> In-Reply-To: <3D611737.4010803@brad-x.com> References: <200208191256.g7JCuNAd018797@freefall.freebsd.org> <3D611737.4010803@brad-x.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Brad Laue <brad@brad-x.com> [020819 09:05] wrote: > FreeBSD Security Advisories wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > ============================================================================= > > FreeBSD-SA-02:38.signed-error Security > Advisory > > The FreeBSD > Project > > > > Topic: Boundary checking errors involving signed integers > > This might be an obtuse question, but I'm going to risk it and ask anyway. > > Given that accept(2) and getpeername(2) are vulnerable one would think > this were remotely exploitable, but I'm not familiar enough to say this > for certain. > > Is this a remotely exploitable issue, or only local? Local only. It doesn't have to deal with how the kernel processes network data, only how the kernel processes user arguements. -- -Alfred Perlstein [alfred@freebsd.org] [#bsdcode/efnet/irc.prison.net] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020819170213.GE75574>