-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2005-008 ================================= Topic: Heap memory corruption in FreeBSD compat code Version: NetBSD-current: source prior to September 13, 2005 NetBSD 2.1: not affected NetBSD 2.0.3: not affected NetBSD 2.0.2: affected NetBSD 2.0: affected NetBSD 1.6.2: affected NetBSD 1.6.1: affected NetBSD 1.6: affected Severity: local denial of service, local root compromise Fixed: NetBSD-current: September 13, 2005 NetBSD-3 branch: September 13, 2005 (3.0 will include the fix) NetBSD-2.0 branch: September 13, 2005 (2.0.3 includes the fix) NetBSD-2 branch: September 13, 2005 (2.1 includes the fix) NetBSD-1.6 branch: September 14, 2005 (1.6.3 will include the fix) Abstract ======== Due to insufficient length checking in FreeBSD compatibility code, it is possible for a user to cause an integer overflow, resulting in a local denial of service and potentially local root compromise. Solutions and Workarounds ========================= Kernels with FreeBSD binary emulation are affected, including the default GENERIC kernel install. There is no workaround for this issue. Users of affected NetBSD versions are highly recommended to upgrade their kernel. The following instructions describe how to upgrade your kernel by updating your source tree and rebuilding and installing a new version of the kernel. Systems running NetBSD of the affected branches, using sources earlier than the fix date should be upgraded. The following files need to be updated from CVS: src/sys/compat/freebsd/freebsd_misc.c To update from CVS, re-build, and re-install the kernel: # cd src # cvs update -d -P sys/compat/freebsd/freebsd_misc.c # ./build.sh kernel=GENERIC # mv /netbsd /netbsd.old # cp sys/arch/`machine`/compile/obj/GENERIC/netbsd /netbsd # shutdown -r now Thanks To ========= Christer Oeberg discovered and reported this issue. Christos Zoulas fixed the code. Revision History ================ 2005-10-31 Initial release More Information ================ Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2005-008.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.org/ and http://www.NetBSD.org/Security/. Copyright 2005, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2005-008.txt,v 1.10 2005/10/31 06:43:09 gendalia Exp $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (NetBSD) iQCVAwUBQ2fKfj5Ru2/4N2IFAQISyAP+Oau9ytksViieV0U/1FoLqcsHQYxeDjKp AafwviGUVMi9fB7tBw9z1Kvc/a/s4W7HzhmsAwNSRNvbpoKCiJaNC+8812/Q42Gp vfcdy25EtZc7ALFTiOX6eBtj6WrFyHwLnT4ARukGap0sjIIqx/OLZjmMwQfx+O0j mURB2urapu0= =ErcI -----END PGP SIGNATURE-----