From owner-freebsd-security Thu Dec 12 08:29:03 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id IAA21054 for security-outgoing; Thu, 12 Dec 1996 08:29:03 -0800 (PST)
Received: from redmare.com (brian@lin-pm3-004.inetnebr.com [206.222.210.4]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id IAA21038; Thu, 12 Dec 1996 08:28:52 -0800 (PST)
Received: from localhost (brian@localhost) by redmare.com (8.7.4/8.7.3) with SMTP id KAA02107; Thu, 12 Dec 1996 10:24:37 -0600 (CST)
X-Authentication-Warning: redmare.com: brian owned process doing -bs
Date: Thu, 12 Dec 1996 10:24:34 -0600 (CST)
From: Brian Mitchell
X-Sender: brian@redmare.com
To: FreeBSD Security Officer
cc: freebsd-security-notifications@freebsd.org, freebsd-announce@freebsd.org, freebsd-security@freebsd.org, first-teams@first.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-96:19.modstat
In-Reply-To: <199612120918.KAA27535@gvr.win.tue.nl>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 10 Dec 1996, FreeBSD Security Officer wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-96:19                                            Security Advisory
>                                                                 FreeBSD, Inc.
>
> Topic:          Buffer overflow in modstat
>
> Category:       core
> Module:         modstat
> Announced:      1996-12-10
> Affects:        FreeBSD 2.0, 2.0.5, 2.1, 2.1.5, 2.1.6, 2.1.6.1
> Corrected:      FreeBSD-current as of 1996/08/08
> FreeBSD only:   no
>
> Patches:        ftp://freebsd.org/pub/CERT/patches/SA-96:19/
>
> =============================================================================
>
> I.   Background
>
>      The modstat program is used to display status of loaded kernel modules.
>      It is standard software in the FreeBSD operating system.
>
> II.  Problem Description
>
>      The modstat program has always been installed setuid kmem. Within
>      the program, a buffer overflow can occur.

It's sgid kmem, not suid kmem.

Brian Mitchell / brian@saturn.net