BSD kern_sig.c sigvec() Crafted Address Local DoS

1986-05-13T00:00:00
ID OSVDB:622
Type osvdb
Reporter Doug Hosking
Modified 1986-05-13T00:00:00

Description

Vulnerability Description

BSD contains a flaw that may allow a local denial of service. The issue is triggered when addresses passed to sigvec() (such as user-level signal() handler addresses) are not properly validated by the kernel before being used, resulting in a loss of availability for the platform.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Doug Hosking has released an unofficial patch to address this vulnerability.

References:

Mail List Post: http://securitydigest.org/unix/archive/024