Abstract

Due to insufficient length checking in FreeBSD compatibility code, it is
possible for a user to cause an integer overflow, resulting in a local
denial of service and potentially local root compromise.

Solutions and Workarounds

Kernels with FreeBSD binary emulation are affected, including the
default GENERIC kernel install. There is no workaround for this
issue. Users of affected NetBSD versions are highly recommended to
upgrade their kernel.

The following instructions describe how to upgrade your kernel by updating
your source tree and rebuilding and installing a new version of
the kernel.

Systems running NetBSD of the affected branches, using sources earlier
than the fix date should be upgraded.

The following files need to be updated from CVS:
src/sys/compat/freebsd/freebsd_misc.c

To update from CVS, re-build, and re-install the kernel:
# cd src
# cvs update -d -P sys/compat/freebsd/freebsd_misc.c
# ./build.sh kernel=GENERIC
# mv /netbsd /netbsd.old
# cp sys/arch/`machine`/compile/obj/GENERIC/netbsd /netbsd
# shutdown -r now

Thanks To

Christer Oeberg discovered and reported this issue.
Christos Zoulas fixed the code.

Revision History

2005-10-31 Initial release

More Information
 
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
 ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2005-008.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/  and http://www.NetBSD.org/Security/ .

Copyright 2005, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.