OSVDB ID: 5073

Title: Berkeley FFS Large File Integer Overflow

Info

Dates

Disclosure: Aug 05, 2002
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

A local integer overflow exists in the Berkeley Fast File System (FFS). FFS fails to properly calculate file sizes, resulting in an integer overflow. By creating a file larger than the VM system can handle, a local attacker may gain access to arbitrary filesystem blocks, reading or corrupting data, which may potentially lead to arbitrary code execution and results in a loss of integrity and/or availability.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to CVS branch RELENG_4, RELENG_4_6, RELENG_4_5, or RELENG_4_4, or apply the vendor-supplied patch, which has been reported to fix this vulnerability.

It is also possible to address the flaw with the following workaround provided by the FreeBSD Project. On filesystems with 16k blocks, the bug cannot be exploited when a process has a file size resource limit (RLIMIT_FSIZE) of 63 MB or less. This is most easily accomplished by modifying /etc/login.conf so that the appropriate login classes (typically `default') contain a field entry such as the following:

    :filesize=63m:\

After editing /etc/login.conf, the corresponding capability database must be rebuilt with the following command:

    # cap_mkdb /etc/login.conf
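As an added example (not part of the OSVDB record or the FreeBSD advisory), the following POSIX shell script checks whether a login.conf class carries the workaround's cap of 63 MB or less. It parses a constructed sample file rather than a live /etc/login.conf, interprets size suffixes as login.conf(5) defines them, and does not resolve tc= inheritance.

```shell
# Added example (not from the OSVDB record): check whether a login.conf class
# carries the FreeBSD workaround, i.e. a filesize cap of 63 MB or less.

# Convert a login.conf size value to bytes (suffixes per login.conf(5):
# b = 512-byte blocks, k, m, g; none = bytes). Fails on "unlimited"/"inf".
size_to_bytes() {
    num=${1%[bBkKmMgG]}
    case "$num" in ""|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *[bB]) mult=512 ;;        *[kK]) mult=1024 ;;
        *[mM]) mult=1048576 ;;    *[gG]) mult=1073741824 ;;
        *)     mult=1 ;;
    esac
    echo $((num * mult))
}

# Print the filesize value set directly on class $2 in login.conf file $1.
# Continuation lines (ending in '\') are joined first; tc= inheritance is
# not resolved, so a class that only inherits the cap reports nothing.
class_filesize() {
    awk -v class="$2" '
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); rec = rec $0; next }
        { rec = rec $0 }
        rec != "" {
            gsub(/[ \t]/, "", rec)
            n = split(rec, f, ":"); m = split(f[1], nm, "|")
            for (i = 1; i <= m; i++) if (nm[i] == class)
                for (j = 2; j <= n; j++) if (f[j] ~ /^filesize=/) {
                    sub(/^filesize=/, "", f[j]); print f[j]; exit
                }
            rec = ""
        }' "$1"
}
# Succeed (0) only if the class caps file size at 63 MB or below.
workaround_applied() {
    val=$(class_filesize "$1" "$2")
    [ -n "$val" ] || return 1
    bytes=$(size_to_bytes "$val") || return 1
    [ "$bytes" -le $((63 * 1048576)) ]
}
# Constructed sample in the shape of /etc/login.conf (not a real system file):
# "default" has the workaround, "staff" overrides it with no limit.
SAMPLE=${TMPDIR:-/tmp}/login.conf.sample.$$
trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' 'default:\' '    :filesize=63m:\' '    :umask=022:' '' \
    'staff|Staff accounts:\' '    :tc=default:\' '    :filesize=unlimited:' > "$SAMPLE"
for c in default staff; do
    workaround_applied "$SAMPLE" "$c" && echo "$c: capped" || echo "$c: NOT capped"
done
```

A class that inherits filesize only through tc= is reported as uncapped here; check the parent class (or use getcap on the rebuilt database) for the effective value.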

Products

FreeBSD Project

FreeBSD

4.0
4.1
4.1.1
4.1.1-RELEASE
4.1.1-STABLE
4.2
4.2-RELEASE
4.2-STABLE
4.3
4.3-RELEASE
4.3-RELENG
4.3-STABLE
4.4
4.4-RELENG
4.4-STABLE
4.5
4.5-RELEASE
4.5-STABLE
4.6
4.6-STABLE
4.6-RELEASE

References

Credit

  • Matt Dillon - dillon@FreeBSD.org - FreeBSD
  • Ian Dowse - iedowse@FreeBSD.org - FreeBSD
  • Tor Egge - tegge@FreeBSD.org - FreeBSD


Direct URL: http://osvdb.org/5073