28th October 2009
J65nko
Administrator
OpenBSD Reliability Fix: kernel NULL pointer dereference in getsockopt()

From http://undeadly.org:
Quote:
A bug has been found in the IPsec parts of ip_output.c that can lead to NULL pointer dereference in getsockopt(). On kernels from before 4.4, this could lead to a local privilege escalation on certain architectures. The currently supported releases, however, protect against this by no longer allowing userland to map the NULL page in the kernel, reducing the attack to a local Denial of Service by panicking the kernel.

Patches are available for OpenBSD 4.6 (patch, errata), OpenBSD 4.5 (patch, errata) and OpenBSD 4.4 (patch, errata). Of course, the patches are already available in -current; the commit message for the IPv4 case can be found below, and the IPv6 commit is nearly identical. This issue affects all architectures.
See http://www.openbsd.org/errata46.html#003_getsockopt for the patches.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump