
-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:22.mmap                                       Security Advisory
                                                                FreeBSD, Inc.

Topic:          mmap/msync denial of service

Category:       core
Module:         net
Announced:      2002-04-18
Credits:        Harry Newton <harry_newton@telinco.co.uk>
                Matt Dillon <dillon@FreeBSD.org>
Affects:        All releases of FreeBSD up to and including 4.5-RELEASE
                4.5-STABLE prior to the correction date
Corrected:      2002-03-08 17:22:20 UTC (RELENG_4)
                2002-04-15 17:14:28 UTC (RELENG_4_5)
                2002-04-15 17:18:12 UTC (RELENG_4_4)
FreeBSD only:   YES

I.   Background

The mmap(2) and msync(2) system calls are part of the memory mapped
I/O API.

II.  Problem Description

A bug existed in the virtual memory management system involving a
failure to check for the existence of a VM object during page
invalidation.  This bug could be triggered by calling msync(2) on an
anonymous, asynchronous memory map (i.e. created using the mmap flags
MAP_ANON and MAP_NOSYNC) which had not been accessed previously.

III. Impact

Local users may cause the system to crash.

IV.  Workaround

None.

V.   Solution

1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the
RELENG_4_5 (4.5-RELEASE-p3) or RELENG_4_4 (4.4-RELEASE-p10) security
branches dated after the respective correction dates.

2) To patch your present system:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:22/mmap.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:22/mmap.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
http://www.freebsd.org/handbook/kernelconfig.html and reboot the
system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in the FreeBSD ports collection.

Path                                                             Revision
  Branch
- -------------------------------------------------------------------------
sys/vm/vm_map.c
  RELENG_4                                                     1.187.2.13
  RELENG_4_5                                               1.187.2.12.2.1
  RELENG_4_4                                                1.187.2.9.2.1
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBPL8Rs1UuHi5z0oilAQFlZwP8CUMHSJ7p0ODbcPty+ugWwOTgYeiI9A2K
P3ezU/PZmEU3Opb864q+J2lhudBUW0NSmVCW4PWdiaPq7Rbhic5QZ7J4eCMPbyKe
IjSVmSsqvJhjEcHW8i7w0PCe1+hKWWRm1Z2X9SvWNVJqpfkggGdJQMZKNH1lJQN8
6Dm26nElyww=
=/H3G
-----END PGP SIGNATURE-----
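
The revision table in section VI can be used to check whether a source tree already carries the fix. The following is an added example, not part of the FreeBSD advisory: it classifies a sys/vm/vm_map.c CVS revision against the three corrected revisions listed above. The function names, the sample ident lines, and the assumption that the file carries a standard $FreeBSD$ ident string are this example's own.

```shell
#!/bin/sh
# Added example: classify a sys/vm/vm_map.c CVS revision against the
# corrected revisions listed in FreeBSD-SA-02:22.mmap, section VI.

# Extract the revision field from a $FreeBSD$ ident line (assumed format).
ident_rev() {
    printf '%s\n' "$1" | sed -n 's/.*vm_map\.c,v \([0-9.]*\) .*/\1/p'
}

# Print "patched", "vulnerable" or "unknown" for one revision string.
classify_rev() {
    rev=$1
    case $rev in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # malformed
    esac
    branch=${rev%.*}   # CVS branch prefix, e.g. 1.187.2
    last=${rev##*.}    # position on that branch, e.g. 13
    case $branch in
        1.187.2)      fixed=13 ;;  # RELENG_4:   1.187.2.13
        1.187.2.12.2) fixed=1  ;;  # RELENG_4_5: 1.187.2.12.2.1
        1.187.2.9.2)  fixed=1  ;;  # RELENG_4_4: 1.187.2.9.2.1
        *) echo unknown; return 0 ;;  # branch not covered by the advisory
    esac
    if [ "$last" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Constructed sample ident lines (dates and committer name are made up).
samples='$FreeBSD: src/sys/vm/vm_map.c,v 1.187.2.12 2002/01/01 00:00:00 someone Exp $
$FreeBSD: src/sys/vm/vm_map.c,v 1.187.2.13 2002/03/08 17:22:20 someone Exp $
$FreeBSD: src/sys/vm/vm_map.c,v 1.187.2.12.2.1 2002/04/15 17:14:28 someone Exp $'

printf '%s\n' "$samples" | while IFS= read -r line; do
    r=$(ident_rev "$line")
    printf '%-16s %s\n' "$r" "$(classify_rev "$r")"
done
```

On a real system, feed ident_rev the $FreeBSD$ line from sys/vm/vm_map.c under /usr/src. A patched source tree only protects the machine once the kernel has been rebuilt and the system rebooted, as step 2c requires.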
