RDot


SynQ 22.08.2013 10:40

CVE-2013-3077 FreeBSD 8.x/9.x integer overflow in IP_MSFILTER
 
CVE-2013-3077 / FreeBSD-SA-13:09.ip_multicast

Code:

Affects:        All supported versions of FreeBSD.
Corrected:      2013-08-22 00:51:37 UTC (stable/9, 9.2-PRERELEASE)
                2013-08-22 00:51:43 UTC (releng/9.2, 9.2-RC2-p1)
                2013-08-22 00:51:48 UTC (releng/9.1, 9.1-RELEASE-p6)
                2013-08-22 00:51:37 UTC (stable/8, 8.4-STABLE)
                2013-08-22 00:51:56 UTC (releng/8.4, 8.4-RELEASE-p3)
                2013-08-22 00:51:56 UTC (releng/8.3, 8.3-RELEASE-p10)

http://www.freebsd.org/security/advi..._multicast.asc

Link to the diff

Integer overflow in inp_get_source_filters() in sys/netinet/in_mcast.c

Code:

+ if (msfr.msfr_nsrcs > in_mcast_maxsocksrc)
+    msfr.msfr_nsrcs = in_mcast_maxsocksrc;
tss = NULL;
  if (msfr.msfr_srcs != NULL && msfr.msfr_nsrcs > 0) {
      tss = malloc(sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs,
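Review bot: The added clamp on the first two lines carries no comment saying that it exists to bound the `sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs` multiplication in the malloc() call below; a one-line comment there would keep a later refactor from moving or dropping it. The clamp protects the multiplication only as long as in_mcast_maxsocksrc times sizeof(struct sockaddr_storage) itself fits in the size type, so an upper bound on that limit should be documented or asserted where it is defined. Clamping silently also means a caller that passes a larger count gets a shorter result with no error, which is worth stating in the interface documentation.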


SynQ 28.08.2013 12:43

A presentation on the bug and its exploitation:

http://code.google.com/p/netusse/dow...Netusse_EN.pdf

PS: 32-bit versions of FreeBSD are vulnerable.
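
Added example (not part of the original posts and not FreeBSD code): why the 32-bit note matters for the `sizeof(struct sockaddr_storage) * msfr.msfr_nsrcs` expression in the diff, and what the clamp changes. It models a 32-bit size_t with uint32_t; the 128-byte structure size and the limit value 128 are assumptions, and `checked_size_32` is a hypothetical helper that goes beyond the fix shown, as a general reject-instead-of-clamp alternative.

```c
#include <stdint.h>
#include <stdio.h>

#define SS_SIZE    128u  /* assumed sizeof(struct sockaddr_storage) */
#define MAXSOCKSRC 128u  /* constructed sample value for in_mcast_maxsocksrc */

/* Size expression from the diff, evaluated with a 32-bit size_t (modelled
 * as uint32_t so the wrap is visible on any host). */
static uint32_t alloc_size_32(uint32_t nsrcs) { return SS_SIZE * nsrcs; }

/* The same expression with a 64-bit size_t. */
static uint64_t alloc_size_64(uint32_t nsrcs) { return (uint64_t)SS_SIZE * nsrcs; }

/* 1 when the 32-bit result is not the true product, i.e. it wrapped. */
static int wraps_32(uint32_t nsrcs) {
    return (uint64_t)alloc_size_32(nsrcs) != alloc_size_64(nsrcs);
}

/* The clamp the fix adds before the multiplication. */
static uint32_t clamp_nsrcs(uint32_t nsrcs) {
    return nsrcs > MAXSOCKSRC ? MAXSOCKSRC : nsrcs;
}

/* General alternative (hypothetical helper): reject instead of clamping.
 * Returns the size, or -1 if the product does not fit in 32 bits. */
static int64_t checked_size_32(uint32_t nsrcs) {
    if (nsrcs > UINT32_MAX / SS_SIZE)
        return -1;
    return (int64_t)(SS_SIZE * nsrcs);
}

int main(void) {
    /* Constructed sample counts around the 2^32 / 128 boundary. */
    const uint32_t samples[] = { 4u, 128u, 0x01ffffffu, 0x02000000u, 0x02000001u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t n = samples[i];
        printf("nsrcs=%#010x size32=%10u size64=%11llu wrapped=%d "
               "clamped_size=%u checked=%lld\n",
               (unsigned)n, (unsigned)alloc_size_32(n),
               (unsigned long long)alloc_size_64(n), wraps_32(n),
               (unsigned)alloc_size_32(clamp_nsrcs(n)),
               (long long)checked_size_32(n));
    }
    return 0;
}
```

With a 64-bit size type the product never wraps for any 32-bit count, which matches the note that the 32-bit builds are the affected ones.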

