On Thu, Oct 05, 2006 at 10:07:33PM +0200, Stefan Fritsch wrote: > CVE-2006-4178: > > Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and > possibly earlier versions down to 5.2, allows local users to cause a > denial of service (crash) via unspecified arguments that use negative > signed integers to cause the bzero function to be called with a large > length parameter, a different vulnerability than CVE-2006-4172. > > CVE-2006-4172: > > Integer overflow vulnerability in the i386_set_ldt call in FreeBSD > 5.5, and possibly earlier versions down to 5.2, allows local users to > cause a denial of service (crash) and possibly execute arbitrary code > via unspecified vectors, a different vulnerability than CVE-2006-4178.
Both of this CVE have no patches. The answer of the FreeBSD security team is the following: "The policy of the FreeBSD Security Team is to not issue security advisories for local denial of service attacks; since we have not been able to demonstrate that this bug can result in anything more severe than a denial of service, we will not be issuing a security advisory relating to this problem. It is possible that an Errata Notice will be issued concerning this problem." So patches are welcome. -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' [EMAIL PROTECTED] | [EMAIL PROTECTED] `- people.debian.org/~aurel32 | www.aurel32.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
