Date:      Mon, 16 Nov 2009 20:34:53 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        cvs-src-old@freebsd.org
Subject:   cvs commit: src/sys/compat/pecoff imgact_pecoff.c
Message-ID:  <200911162035.nAGKZ2L6071850@repoman.freebsd.org>

bz          2009-11-16 20:34:53 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    sys/compat/pecoff    imgact_pecoff.c 
  Log:
  SVN rev 199330 on 2009-11-16 20:34:53Z by bz
  
  As we pass the 'offset' unvalidated to vn_rdwr() make sure
  that it is unsigned rather than possibly set to something negative
  by a malicious binary.
  
  This is just the immediate fix to the problem mentioned in
  PR kern/80742 and by http://milw0rm.com/exploits/9206 but does
  not fix all possible problems imgact_pecoff has.
  
  As this feature does not work and is not compiled in by default,
  the security team considers this vulnerability to be of low risk
  to the user population and will not be issuing an advisory.
  
  Note that this is a direct commit to stable/7 as pecoff support has
  been removed from head and stable/8 already.
  
  PR:             kern/80742
  Reported by:    Oliver Pinter (oliver.pntr gmail.com) via freebsd-security
  Help reproducing and testing by: Damian Weber (dweber htw-saarland.de)
  MFC After:      3 days
  
  Revision  Changes    Path
  1.40.2.3  +3 -3      src/sys/compat/pecoff/imgact_pecoff.c
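
The class of bug the log message describes, as an added example that is not part of the commit and is not FreeBSD code: an offset field read from a file passes an upper-bound-only check when held in a signed type, and is rejected once treated as unsigned and range-checked. The names image, le32, allowed_signed and read_at and the sample header fields are constructed for illustration; the explicit bounds check goes beyond the type change the commit makes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 64-byte stand-in for the file being loaded. */
static unsigned char image[64];

/* Constructed header fields, little-endian: 0xfffff000 and 0x00000010. */
static const unsigned char NEG_FIELD[4] = { 0x00, 0xf0, 0xff, 0xff };
static const unsigned char OK_FIELD[4]  = { 0x10, 0x00, 0x00, 0x00 };

/* Decode a 4-byte little-endian field taken from the file. */
static uint32_t le32(const unsigned char b[4])
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Weak form: the field is held as a signed value and only the upper
 * bound is checked. Returns 1 if the read would be allowed. */
int allowed_signed(const unsigned char field[4], size_t len)
{
    uint32_t u = le32(field);
    int32_t off;
    memcpy(&off, &u, sizeof off);       /* same bits, signed view */
    return (int64_t)off + (int64_t)len <= (int64_t)sizeof image;
}

/* Hardened form: unsigned offset, overflow-safe bounds check, then copy.
 * Returns 0 on success, -1 if the range is outside the image. */
int read_at(const unsigned char field[4], void *dst, size_t len)
{
    uint32_t off = le32(field);
    if (off > sizeof image || len > sizeof image - off)
        return -1;
    memcpy(dst, image + off, len);
    return 0;
}

int main(void)
{
    unsigned char buf[16];
    printf("signed check, 0xfffff000: %d\n", allowed_signed(NEG_FIELD, sizeof buf));
    printf("unsigned read, 0xfffff000: %d\n", read_at(NEG_FIELD, buf, sizeof buf));
    printf("unsigned read, 0x10: %d\n", read_at(OK_FIELD, buf, sizeof buf));
    return 0;
}
```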


