Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of
On Wed, 11 Nov 2009, Eygene Ryabinkin wrote:
> Date: Wed, 11 Nov 2009 22:37:44 +0300
> From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
> To: Damian Weber <dweber@htw-saarland.de>
> Cc: Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net>,
> freebsd-security@freebsd.org, wkoszek@freebsd.org,
> Oliver Pinter <oliver.pntr@gmail.com>
> Subject: Re: 2009-07-20 FreeBSD 7.2 (pecoff executable) Local Denial of
> Service Exploit 23 R D Shaun Colley
>
> Wed, Nov 11, 2009 at 07:14:48PM +0100, Damian Weber wrote:
> > FWIW, I got another result on 6.4-STABLE
> >
> > FreeBSD mymachine.local 6.4-STABLE FreeBSD 6.4-STABLE #6: Sat Oct 3 13:06:12 CEST 2009 root@hypercrypt.local:/usr/obj/usr/src/sys/MYMACHINE i386
> >
> > $ ./pecoff
> > MZaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa????aaaa
> > [I'm truncating here, ~3500 a's follow]aaaaa: File name too long
>
> You have no pecoff module loaded or compiled-in to the kernel,
> aren't you? Your "File name too long" is spitted by the shell,
> so it was not handled by the PE loader at all.
Confirmed. The code crashes the 6.4-stable machine when pecoff module
is loaded.
Wojciech A. Koszek wrote:
> I think the best way would be to remove PECOFF from 6.x and 7.x.
Now, I'm inclined to think that, too ;-)
-- Damian
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 11 之 11 篇):