漏洞信息详情

FreeBSD系统调用f_count整数溢出漏洞

  • CNNVD编号:CNNVD-200312-477
  • 危害等级: 低危
  • CVE编号: CVE-2003-1234
  • 漏洞类型: 缓冲区溢出
  • 发布时间: 2003-12-31
  • 威胁类型: 本地
  • 更新时间: 2007-05-11
  • 厂        商: freebsd
  • 漏洞来源: Discovery of this ...

漏洞简介

FreeBSD 4.2至5.0版本之前的f_count计数器存在整数溢出漏洞。本地用户可以借助多个对(1)fpathconf和(2)lseek的调用导致服务拒绝(崩溃)并可能执行任意代码,该漏洞在调用fdrop时f_count不能自动减一。

漏洞公告

This vulnerability is present in all RELEASE versions of FreeBSD. The RELENG_4 (STABLE) branch dated later than 20021111 is not vulnerable to this issue. This vulnerability has been addressed in the CVS tree at the following location: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/kern_descrip.c Users are advised to obtain the fixes from the CVS tree. FreeBSD FreeBSD 4.4

FreeBSD FreeBSD 4.5 FreeBSD FreeBSD 4.5 -RELEASE FreeBSD FreeBSD 4.6 FreeBSD FreeBSD 4.6 -RELEASE FreeBSD FreeBSD 4.7 FreeBSD FreeBSD 4.7 -RELEASE

参考网址

来源: BID 名称: 6524 链接:http://www.securityfocus.com/bid/6524 来源: XF 名称: freebsd-kernel-integer-overflow(10993) 链接:http://www.iss.net/security_center/static/10993.php 来源: BUGTRAQ 名称: 20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc 链接:http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html 来源: www.pine.nl 链接:http://www.pine.nl/press/pine-cert-20030101.txt 来源: VULNWATCH 名称: 20030106 PDS: Integer overflow in FreeBSD kernel 链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html 来源: FREEBSD 名称: FreeBSD-SA-02:44 链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc 来源: SECTRACK 名称: 1005898 链接:http://www.securitytracker.com/id?1005898 来源: BUGTRAQ 名称: 20030106 PDS: Integer overflow in FreeBSD kernel 链接:http://www.securityfocus.com/archive/1/archive/1/305308/30/26420/threaded 来源: SECUNIA 名称: 7821 链接:http://secunia.com/advisories/7821

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多