[35287] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

NetBSD kernel swapctl(2) vulnerability

daemon@ATHENA.MIT.EDU (Evgeny Demidov)
Mon Jun 14 19:23:03 2004

From: "Evgeny Demidov" <demidov@gleg.net>
To: full-disclosure@lists.netsys.com
Cc: bugtraq@securityfocus.com, security-officer@netbsd.org
Date: Fri, 11 Jun 2004 13:20:06 +0400
Message-ID: <web-43718618@cgp.agava.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit

Name:          NetBSD kernel swapctl(2) vulnerability
Date:          11 June 2004
CVE candidate: not assigned
Author:        Evgeny Demidov

Description:

There exists a integer handling vulnerability in NetBSD 
swapctl(2) system call.
It seems that this vulnerability can not be exploited to 
gain super-user
privilegies, but any local attacker can crash the kernel.

Fix:

It is available in CVS: 
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/uvm/uvm_swap.c.diff?r1=1.85&r2=1.85.2.1

History:

The vulnerability has been discovered several months ago 
by Evgeny Demidov during NetBSD kernel source code au
dit.
It has been made availabe to VulnDisco clients two months 
ago.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[35287] in bugtraq

NetBSD kernel swapctl(2) vulnerability

daemon@ATHENA.MIT.EDU (Evgeny Demidov)Mon Jun 14 19:23:03 2004

daemon@ATHENA.MIT.EDU (Evgeny Demidov)
Mon Jun 14 19:23:03 2004