Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[UNIX] FreeBSD Local Integer Overflow (i386_set_ldt)

from [SecuriTeam] Network Security [Permanent Link]
Subject: [UNIX] FreeBSD Local Integer Overflow (i386_set_ldt)
Date: 26 Sep 2006 13:32:00 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  FreeBSD Local Integer Overflow (i386_set_ldt)
------------------------------------------------------------------------


SUMMARY

 <http://www.FreeBSD.org/> FreeBSD is a modern operating system for x86, 
amd64, Alpha, IA-64, PC-98 and SPARC architectures. It's based on the UNIX 
operating system, BSD, which was created at the University of California, 
Berkeley.

A vulnerability in FreeBSD could allow denial of service and potentially 
arbitrary code execution.

DETAILS

Vulnerable Systems:
 * FreeBSD version 5.5 (earlier versions suspected)

Local exploitation of a input validation error in the FreeBSD Project's 
i386_set_ldt() kernel implementation could allow attackers to create a 
kernel panic, leading to a denial of service condition on the affected 
computer.
Exploitation of this vulnerability would result in a denial of service 
condition on the affected host.  There is a potential for arbitrary code 
execution in kernel context due to the way this function manipulates 
kernel heap memory.

Vendor responce:
"It appears that the problem you have discovered was fixed in revision 
1.96 of src/sys/i386/i386/sys_machdep.c on March 23, 2005, after being 
found by the Coverity Prevent analysis tool; the commit message at the 
time documented this as a local denial of service bug.

The policy of the FreeBSD Security Team is that local denial of service 
bugs not be treated as security issues; it is possible that this problem 
will be corrected in a future Erratum."

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4172> 
CVE-2006-4172

Disclosure Timeline:
 * 08/16/2006 - Initial vendor notification
 * 08/16/2006 - Initial vendor response
 * 09/23/2006 - Public disclosure


ADDITIONAL INFORMATION

The information has been provided by iDefense.
The original article can be found at:  
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414> 
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [UNIX] FreeBSD Local Integer Overflow (i386_set_ldt), SecuriTeam <=
Previous by Date:  [UNIX] Sun Secure Global Desktop Multiple Vulnerabilities, SecuriTeam
Next by Date:  [REVS] Access over Ethernet: Insecurities in AoE, SecuriTeam
Previous by Thread:  [UNIX] Sun Secure Global Desktop Multiple Vulnerabilities, SecuriTeam
Next by Thread:  [REVS] Access over Ethernet: Insecurities in AoE, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]