• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FreeBSD System Call f_count Integer Overflow Vulnerability

Solution:
This vulnerability is present in all RELEASE versions of FreeBSD.

The RELENG_4 (STABLE) branch dated later than 20021111 is not vulnerable to this issue.

This vulnerability has been addressed in the CVS tree at the following location:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/kern_descrip.c

Users are advised to obtain the fixes from the CVS tree.


FreeBSD FreeBSD 4.4

• FreeBSD filedesc.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch

FreeBSD FreeBSD 4.5

• FreeBSD filedesc.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch

FreeBSD FreeBSD 4.5 -RELEASE

• FreeBSD filedesc.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch

FreeBSD FreeBSD 4.6

• FreeBSD filedesc.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch

FreeBSD FreeBSD 4.6 -RELEASE

• FreeBSD filedesc.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch

FreeBSD FreeBSD 4.7

• FreeBSD filedesc.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch

FreeBSD FreeBSD 4.7 -RELEASE

• FreeBSD filedesc.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch