FreeBSD Virtual Memory Management msync mmap Local DoS

2002-04-18T00:00:00
ID OSVDB:20823
Type osvdb
Reporter OSVDB
Modified 2002-04-18T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user calls msync(2) on an anonymous, asynchronous memory map (i.e. created using the mmap flags MAP_ANON and MAP_NOSYNC) which had not been accessed previously, and will result in loss of availability for the platform.

Solution Description

Upgrade to version 4.5-STABLE; or to either of the RELENG_4_5 (4.5-RELEASE-p3) or RELENG_4_4 (4.4-RELEASE-p10) security branches dated after the respective correction dates, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions.

Short Description

FreeBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user calls msync(2) on an anonymous, asynchronous memory map (i.e. created using the mmap flags MAP_ANON and MAP_NOSYNC) which had not been accessed previously, and will result in loss of availability for the platform.

References:

Vendor Specific Advisory URL ISS X-Force ID: 8921 CVE-2002-1667