• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FreeBSD System Call Signed Integer Buffer Overflow Vulnerability

A vulnerability has been reported for the FreeBSD system. Reportedly, a few system calls are vulnerable to signed integer buffer overflow conditions.

The vulnerability is the result of system calls assuming that some arguments were given as positive integers while, in actuality, the arguments were handled as signed integers. If a negative value was supplied for the argument, the boundary checking code would fail.