
FW: OpenBSD procfs vulnerability



Hello everyone,

A new patch has just been released; see below for the details.

Philemon Daubard.
System & Network Administrator
kodezone interactive - OpenBSD web hosting and custom IT services
URL: <http://www.kodezone.com/>

-----Original Message-----
From: owner-security-announce AT openbsd POINT org
[mailto:owner-security-announce AT openbsd POINT org] On Behalf Of Ted Unangst
Sent: Thursday, 13 May 2004 10:09
To: security-announce AT openbsd POINT org
Subject: procfs vulnerability

Incorrect bounds checking in several procfs functions could allow an 
unprivileged malicious user to read arbitrary kernel memory, with the 
potential to use this information to escalate privilege.  OpenBSD does not 
mount the proc filesystem by default, and we continue to recommend against 
its use.

The cvs -stable branches have been updated to contain a fix, which is also 
available in patch form for 3.4 and 3.5.

Credit goes to Deprotect Advisories <advisories AT deprotect POINT com> for 
identification of the bug.

Patches:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch


-- 
desire is not an occupation