Eygene Ryabinkin
2007-Mar-14 08:04 UTC
OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?
Good day. Just spotted the new advisory from CORE: http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code. Robert, anyone, could you please check? Thank you. -- Eygene
Colin Percival
2007-Mar-14 09:32 UTC
OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?
Eygene Ryabinkin wrote:> Just spotted the new advisory from CORE: > http://www.securityfocus.com/archive/1/462728/30/0/threaded > Not an expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very > simular code.I really hope that we're not affected, especially since we didn't get any advance notice of this; but I've asked several of our IPv6 / network stack experts to investigate this. Colin Percival FreeBSD Security Officer
Robert Watson
2007-Mar-15 11:32 UTC
OpenBSD IPv6 remote kernel buffer overflow. FreeBSD has this too?
On Wed, 14 Mar 2007, Eygene Ryabinkin wrote:> Just spotted the new advisory from CORE: > http://www.securityfocus.com/archive/1/462728/30/0/threaded Not an > expert, but FreeBSD's src/sys/kern/uipc_mbuf2.c has the very simular code. > > Robert, anyone, could you please check?Eygene, Sorry for the delayed response on this -- I've only just returned from Tokyo in the last day and am significantly behind in e-mail from the trip. According to a source analysis by Jinmei, we are not vulnerable, but I will continue tracking the thread. Apparently this vulnerability involved an issue in the handling of M_EXT, and our implementation of clusters differs significantly from OpenBSD, so it seems likely we are not affected. If we discover any information to the contrary, you can be sure that we will get it fixed and release an advisory! Robert N M Watson Computer Laboratory University of Cambridge