277719 – (CVE-2009-1935) <=sys-freebsd/freebsd-sources-{6.?,7.2} pipe_build_write_buffer() integer overflow (CVE-2009-1935)

Bug 277719 (CVE-2009-1935) - <=sys-freebsd/freebsd-sources-{6.?,7.2} pipe_build_write_buffer() integer overflow (CVE-2009-1935)

Summary: <=sys-freebsd/freebsd-sources-{6.?,7.2} pipe_build_write_buffer() integer ove...

Status:	RESOLVED FIXED

Alias:	CVE-2009-1935

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://security.freebsd.org/patches/S...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2009-07-13 21:51 UTC by Stefan Behte (RETIRED)
Modified:	2009-07-14 21:56 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-07-13 21:51:18 UTC

CVE-2009-1935 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1935):
  Integer overflow in the pipe_build_write_buffer function
  (sys/kern/sys_pipe.c) in the direct write optimization feature in the
  pipe implementation in FreeBSD 7.1 through 7.2 and 6.3 through 6.4
  allows local users to bypass virtual-to-physical address lookups and
  read sensitive information in memory pages via unspecified vectors.

Comment 1 Alexis Ballier gentoo-dev

2009-07-14 14:45:04 UTC

already patched in 7.2-r1...

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2009-07-14 21:56:04 UTC

Ah...thanks.