Date: Thu, 12 Dec 1996 10:24:34 -0600 (CST)
From: Brian Mitchell <brian@saturn.net>
To: FreeBSD Security Officer <security-officer@freebsd.org>
Cc: freebsd-security-notifications@freebsd.org, freebsd-announce@freebsd.org, freebsd-security@freebsd.org, first-teams@first.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-96:19.modstat
Message-ID: <Pine.BSI.3.95.961212102310.2052A-100000@redmare.com>
In-Reply-To: <199612120918.KAA27535@gvr.win.tue.nl>
On Tue, 10 Dec 1996, FreeBSD Security Officer wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-96:19                                            Security Advisory
>                                                                 FreeBSD, Inc.
>
> Topic:          Buffer overflow in modstat
>
> Category:       core
> Module:         modstat
> Announced:      1996-12-10
> Affects:        FreeBSD 2.0, 2.0.5, 2.1, 2.1.5, 2.1.6, 2.1.6.1
> Corrected:      FreeBSD-current as of 1996/08/08
> FreeBSD only:   no
>
> Patches:        ftp://freebsd.org/pub/CERT/patches/SA-96:19/
>
> =============================================================================
>
> I.   Background
>
>      The modstat program is used to display status of loaded kernel modules.
>      It is standard software in the FreeBSD operating system.
>
> II.  Problem Description
>
>      The modstat program has always been installed setuid kmem. Within
>      the program, a buffer overflow can occur.

It's sgid kmem, not suid kmem.

Brian Mitchell / brian@saturn.net