FreeBSD procfs Denial of Service Vulnerability

procfs is the Process Filesystem, a file system interface to the process table included with the FreeBSD Operating System. A problem exists which could allow a local user to deny service to legitimate users of a FreeBSD Server.

The problem occurs in the handling of /proc/<process id>/mem files. It is possible to launch a process which executes an mmap() system call and maps the memory address of it's own memory address space, as defined in /proc/<process id>mem. By doing so, the kernel enters an infinite loop and hangs, requiring a system reboot at the console. This problem with design makes it possible for a local user with malicious intent to crash the system, thus denying service to legitimate users.


Privacy Statement
Copyright 2010, SecurityFocus