Saturday, November 21, 2009

OpenBSD PANIC, second round !

Hello dudes !

Here is some new OpenBSD fun. There are NULL pointer dereferences and a KASSERT(m != NULL) which can be triggered by a simple user. I am too busy to see if the NULL pointer dereferences are exploitable to get root on <= 4.3. I guess the patches are enough to understand these vulnerabilities.

User triggerable KASSERT()s and NULL dereferences in netbt setsockopt()s, found by Clement LECIGNE, localhost DoS everywhere. Also, don't leak the mbuf when the wrong level is used.

http://marc.info/?l=openbsd-cvs&m=125880991716458&w=2

NULL dereference in IPV6_PORTRANGE and IP_IPSEC_*, found by Clement LECIGNE, localhost DoS everywhere. To help minimize further issues, make the mbuf != NULL test explicit instead of implicit in a length test. Suggestions and initial work by mpf@ and miod@ ok henning@, mpf@, claudio@,

http://marc.info/?l=openbsd-cvs&m=125870804715790&w=2
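
The two fixes named in the commit messages above (an explicit mbuf != NULL test ahead of any length test, and freeing the mbuf when the wrong level is used), sketched as an added user-space C model. It is not OpenBSD's code or the patch itself; the struct mbuf shown here, model_setopt, m_get_model and the MODEL_* constants are hypothetical stand-ins.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Minimal user-space stand-in for a kernel mbuf (hypothetical, not OpenBSD's struct). */
struct mbuf { size_t m_len; int m_data; };

static int live_mbufs;               /* allocation counter used to detect leaks */

struct mbuf *m_get_model(int value)
{
    struct mbuf *m = malloc(sizeof(*m));
    if (m == NULL)
        return NULL;
    m->m_len = sizeof(int);
    m->m_data = value;
    live_mbufs++;
    return m;
}

static void m_free_model(struct mbuf *m)
{
    if (m != NULL) { free(m); live_mbufs--; }
}

#define MODEL_LEVEL 1                /* hypothetical protocol level */
#define MODEL_OPT   7                /* hypothetical option name */

/* The handler owns m on every path and frees it exactly once, whatever the outcome. */
int model_setopt(int level, int optname, struct mbuf *m, int *setting)
{
    int error = 0;

    if (level != MODEL_LEVEL) {
        error = EINVAL;              /* wrong level: still reaches the free below */
        goto out;
    }
    switch (optname) {
    case MODEL_OPT:
        /* Explicit NULL test first: a bare length test would read m->m_len through NULL. */
        if (m == NULL || m->m_len != sizeof(int)) {
            error = EINVAL;
            break;
        }
        *setting = m->m_data;
        break;
    default:
        error = ENOPROTOOPT;
        break;
    }
out:
    m_free_model(m);
    return error;
}

int live_mbuf_count(void) { return live_mbufs; }
```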

Humpf, I should have tested OpenBSD during my 2006 summer of code on IPv6 security. :-(
