
Bug 277662

Summary: sys-freebsd/freebsd-sources DoS (CVE-2009-2649)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: bsd+disabled, craig
Priority: High    
Version: unspecified   
Hardware: All   
OS: FreeBSD   
URL: http://www.milw0rm.com/exploits/9134
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-07-13 15:24:35 UTC
/* atapanic.c
 *
 * by Shaun Colley, 13 July 2009
 *
 * this panics the freebsd kernel by passing a large value to malloc(9) in one of
 * fbsd's ata ioctl's.  tested on freebsd 6.0 and 8.0.  you need read access to the
 * ata device in /dev to be able to open() the device.  chain with some race condition
 * bug?
 *
 * - shaun
 *
 */

See $URL.
Comment 1 Javier Villavicencio (RETIRED) gentoo-dev 2009-07-13 16:12:31 UTC
Tested this on Gentoo/FreeBSD-7.2:
No panic, the ioctl returns 'Inappropriate ioctl for device'.
Comment 2 Alexis Ballier gentoo-dev 2009-08-10 05:31:58 UTC
*** Bug 280826 has been marked as a duplicate of this bug. ***
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 02:26:03 UTC
@bsd: is this still relevant?
Comment 4 Yuta SATOH 2013-11-27 10:54:25 UTC
(In reply to Chris Reffett from comment #3)
> @bsd: is this still relevant?

I think it has been fixed in sys-freebsd/freebsd-sources-8.0 or later.
sys-freebsd/freebsd-sources-{8.2,9.1,9.2} exist on gentoo-x86.
So, I think we may close this bug...

FYI,
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern%2F136726&cat=
http://svnweb.freebsd.org/base?view=revision&revision=195724
Comment 5 Naohiro Aota gentoo-dev 2013-11-30 10:06:12 UTC
I also confirmed it's already fixed in all official gentoo/freebsd versions.
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-11-30 10:50:39 UTC
(In reply to Naohiro Aota from comment #5)
> I also confirmed it's already fixed in all official gentoo/freebsd versions.

close as [noglsa] then