Multiple Vendor profil(2) Vulnerability

Multiple Vendor profil(2) Vulnerability

Solution:
OpenBSD
--------------

OpenBSD has the following patch available for this problem:
http://www.openbsd.org/errata.html#profil

NetBSD
-----------
Upgrade to NetBSD 1.4.1, NetBSD-current, or apply the following patch:

Index: kern_exec.c
===================================================================
RCS file: /cvsroot/syssrc/sys/kern/kern_exec.c,v
retrieving revision 1.101
diff -u -w -u -r1.101 kern_exec.c
- --- kern_exec.c 1999/04/27 05:28:44 1.101
+++ kern_exec.c 1999/08/06 07:19:24
@@ -415,6 +415,7 @@
goto exec_abort;
}

+ stopprofclock(p); /* stop profiling */
fdcloseexec(p); /* handle close on exec */
execsigs(p); /* reset catched signals */
p->p_ctxlink = NULL; /* reset ucontext link */

Patches are available to all Sun customers at http://sunsolve.sun.com/

Sun Solaris 7.0

Sun 106541-10
sparc
http://sunsolve.sun.com/search/document.do?assetkey=1-21-106541-10-1

Sun Solaris 7.0_x86

Sun 106542-10
x86

Sun Solaris 2.6

Sun 105181-19
sparc
http://sunsolve.sun.com/search/document.do?assetkey=1-21-105181-19-1

Sun 106629-18
sparc

Sun Solaris 2.6_x86

Sun 105182-19
x86
http://sunsolve.sun.com/search/document.do?assetkey=1-21-105182-19-1

Sun Solaris 2.5.1

Sun 103640-32
sparc
http://sunsolve.sun.com/search/document.do?assetkey=1-21-103640-32-1