|
|
|
|
| |
Credit:
The information has been provided by iDefense.
The original article can be found at: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=414
|
| |
Vulnerable Systems:
* FreeBSD version 5.5 (earlier versions suspected)
Local exploitation of a input validation error in the FreeBSD Project's i386_set_ldt() kernel implementation could allow attackers to create a kernel panic, leading to a denial of service condition on the affected computer.
Exploitation of this vulnerability would result in a denial of service condition on the affected host. There is a potential for arbitrary code execution in kernel context due to the way this function manipulates kernel heap memory.
Vendor responce:
"It appears that the problem you have discovered was fixed in revision 1.96 of src/sys/i386/i386/sys_machdep.c on March 23, 2005, after being found by the Coverity Prevent analysis tool; the commit message at the time documented this as a local denial of service bug.
The policy of the FreeBSD Security Team is that local denial of service bugs not be treated as security issues; it is possible that this problem will be corrected in a future Erratum."
CVE Information:
CVE-2006-4172
Disclosure Timeline:
* 08/16/2006 - Initial vendor notification
* 08/16/2006 - Initial vendor response
* 09/23/2006 - Public disclosure
|
|
|
|
|
