FreeBSD multiple security vulnerabilities updated since 07.09.2008
Published:		03.07.2009
Source:		BUGTRAQ
SecurityVulns ID:		9267
Type:		remote
Level:		7/10
Description:		mount / nmount syscall implementcation buffer overflow. amd64 CPU registers privilege escalation. DoS через ICMPv6.

Affected:		FREEBSD : FreeBSD 7.0
		FREEBSD : FreeBSD 6.3
		FREEBSD : FreeBSD 7.1
		FREEBSD : FreeBSD 6.4
CVE:		CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call.)
		CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions.")
		CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.)

Original document

FREEBSD, FreeBSD Security Advisory FreeBSD-SA-08:08.nmount (07.09.2008)

Files:		Privilege escalation exploit for the FreeBSD-SA-08:08.nmount
Discuss:		Read or add your comments to this news (0 comments)