OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too? - Robert Watson - org.freebsd.freebsd-security

7 messages in org.freebsd.freebsd-securityOpenBSD IPv6 remote kernel buffer ove...

From	Sent On	Attachments
Eygene Ryabinkin	Mar 14, 2007 8:04 am
Colin Percival	Mar 14, 2007 9:32 am
Eygene Ryabinkin	Mar 14, 2007 9:38 am
Robert Watson	Mar 15, 2007 11:32 am
Eygene Ryabinkin	Mar 15, 2007 12:10 pm
Colin Percival	Mar 16, 2007 4:27 pm
Eygene Ryabinkin	Mar 17, 2007 10:06 am

Subject:	OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?
From:	Robert Watson (rwat...@FreeBSD.org)
Date:	Mar 15, 2007 11:32:08 am
List:	org.freebsd.freebsd-security

On Wed, 14 Mar 2007, Eygene Ryabinkin wrote:

Just spotted the new advisory from CORE: http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code.

Robert, anyone, could you please check?

Eygene,

Sorry for the delayed response on this -- I've only just returned from Tokyo in the last day and am significantly behind in e-mail from the trip.

According to a source analysis by Jinmei, we are not vulnerable, but I will continue tracking the thread. Apparently this vulnerability involved an issue in the handling of M_EXT, and our implementation of clusters differs significantly from OpenBSD, so it seems likely we are not affected. If we discover any information to the contrary, you can be sure that we will get it fixed and release an advisory!

Robert N M Watson Computer Laboratory University of Cambridge

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets