• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple BSD Vendor Copyout Destination Address Verification Vulnerability

A vulnerability is reported to affect the BSD 'copyout()' function. The issue manifests because sufficient sanitization is not performed on the destination argument passed to the function. No validation is performed to determine whether the destination pointer to is a valid address in userland memory.

As a result of this, in circumstances where an attacker may manipulate or control the destination buffer pointer in a call to 'copyout()', an address in kernel memory space may be supplied. The resulting memory copy operation may result in the corruption of arbitrary regions of kernel memory with data that is contained in a kernel driver buffer.