[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NetBSD kernel swapctl(2) vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: NetBSD kernel swapctl(2) vulnerability
From: "Evgeny Demidov" <demidov@xxxxxxxx>
Date: Fri, 11 Jun 2004 13:20:06 +0400


Name:          NetBSD kernel swapctl(2) vulnerability
Date:          11 June 2004
CVE candidate: not assigned
Author:        Evgeny Demidov

Description:

There exists a integer handling vulnerability in NetBSD swapctl(2) system call. It seems that this vulnerability can not be exploited to gain super-user privilegies, but any local attacker can crash the kernel.

Fix:

It is available in CVS: http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/uvm/uvm_swap.c.diff?r1=1.85&r2=1.85.2.1

History:

The vulnerability has been discovered several months ago by Evgeny Demidov during NetBSD kernel source code au dit. It has been made availabe to VulnDisco clients two months ago.

Prev by Date: Re: [SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities; Re:
Next by Date: VP-ASP Shopping Cart Multiple Vulnerabilities
Previous by thread: Advisory 10/2004: Chora CVS/SVN Viewer remote vulnerability
Next by thread: VP-ASP Shopping Cart Multiple Vulnerabilities
Index(es):
- Date
- Thread