FreeBSD Malformed ELF Image Denial of Service Vulnerability
BID:1625
Info
| Bugtraq ID: | 1625 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 28 2000 12:00AM |
| Updated: | Aug 28 2000 12:00AM |
| Credit: | This vulnerability was announced in a FreeBSD security advisory on August 28, 2000. |
| Vulnerable: | FreeBSD FreeBSD 5.0 alpha; FreeBSD FreeBSD 5.0; FreeBSD FreeBSD 4.1; FreeBSD FreeBSD 4.0 alpha; FreeBSD FreeBSD 4.0; FreeBSD FreeBSD 3.5; FreeBSD FreeBSD 3.4; FreeBSD FreeBSD 3.3; FreeBSD FreeBSD 3.2; FreeBSD FreeBSD 3.1; FreeBSD FreeBSD 3.0 |
| Not Vulnerable: | |
Discussion
A vulnerability exists in FreeBSD 3.x, and in 4.x and 5.x versions dated prior to August 15, 2000. The ELF image activator does not perform sufficient sanity checks on the ELF image header, which could allow local users to mount a denial of service attack against the machine.
By failing to handle images with an invalid or truncated header, FreeBSD could suffer from a sign overflow bug. This in turn would cause the CPU to enter a long in-kernel loop, which can leave the machine unavailable to remote and local users for 15 minutes or more.
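The following C example is added here for illustration and is not FreeBSD's code or the contents of elf.patch. It shows the kind of header sanity checking the discussion refers to: a truncated header is rejected before any field is read, and the program header table bounds are computed in unsigned 64-bit arithmetic so the result cannot wrap or go negative. The names `ehdr32_t`, `elf32_check_header`, `make_image` and the error codes are assumptions of this example, as is the choice of an ELF32 image in host byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF32 file header; field order follows the ELF specification. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr32_t;
#define PHDR32_SIZE 32u /* size of one ELF32 program header entry */
enum { ELF_OK = 0, ELF_TRUNCATED, ELF_BAD_MAGIC, ELF_BAD_PHDR };

/* Validate the header of a `len`-byte image before any field is trusted. */
int elf32_check_header(const unsigned char *img, size_t len)
{
    ehdr32_t h;
    if (len < sizeof h)
        return ELF_TRUNCATED;            /* header itself is cut short */
    memcpy(&h, img, sizeof h);           /* copy out: no unaligned reads */
    if (memcmp(h.e_ident, "\177ELF", 4) != 0)
        return ELF_BAD_MAGIC;
    if (h.e_phentsize != PHDR32_SIZE || h.e_phnum == 0)
        return ELF_BAD_PHDR;
    /* Unsigned 64-bit math: the sum cannot wrap or turn negative. */
    uint64_t end = (uint64_t)h.e_phoff + (uint64_t)h.e_phnum * h.e_phentsize;
    return end > len ? ELF_BAD_PHDR : ELF_OK;
}

/* Constructed sample input: header claiming `phnum` entries at `phoff`. */
void make_image(unsigned char *buf, uint32_t phoff, uint16_t phnum)
{
    ehdr32_t h;
    memset(&h, 0, sizeof h);
    memcpy(h.e_ident, "\177ELF", 4);
    h.e_phoff = phoff; h.e_phentsize = PHDR32_SIZE; h.e_phnum = phnum;
    memcpy(buf, &h, sizeof h);
}

int main(void)
{
    unsigned char img[128] = {0};
    make_image(img, 52, 2);              /* table ends at 52 + 2*32 = 116 */
    int ok = elf32_check_header(img, sizeof img), cut = elf32_check_header(img, 20);
    make_image(img, 0xFFFFFFF0u, 2);     /* sum would wrap in 32-bit math */
    printf("valid=%d truncated=%d huge_phoff=%d\n", ok, cut, elf32_check_header(img, sizeof img));
    return 0;
}
```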
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Patches are available for the 4.x and 5.x kernels. Versions of 4.x and 5.x downloaded after August 15, 2000 are not vulnerable. Users of 3.x versions of FreeBSD should upgrade to 4.x if possible.
- FreeBSD FreeBSD 4.0 alpha: FreeBSD elf.patch, ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch
- FreeBSD FreeBSD 4.0: FreeBSD elf.patch, ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch
- FreeBSD FreeBSD 4.1: FreeBSD elf.patch, ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch
- FreeBSD FreeBSD 5.0 alpha: FreeBSD elf.patch, ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch
- FreeBSD FreeBSD 5.0: FreeBSD elf.patch, ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch
References
References:
- FreeBSD Security Information (FreeBSD)