|
OpenBSD: kernel heap overflow in IPsec |
|
|
|
Posted by Joe Shakespeare
|
On systems running isakmpd(8) it is possible for a local user to cause kernel memory corruption and system panic by setting ipsec(4) credentials on a socket. Stopping isakmpd(8) does not prevent the
memory corruption.
On systems running isakmpd(8) it is possible for a local user to
cause kernel memory corruption and system panic by setting ipsec(4)
credentials on a socket. Stopping isakmpd(8) does not prevent the
memory corruption.
This has been fixed in OpenBSD-current, and the OpenBSD 3.6, 3.5,
and 3.4 -stable branches. Patches are also available for OpenBSD
3.6, 3.5 and 3.4:
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.6/common/007_pfkey.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/035_pfkey.patch
Thanks to Stefan Miltchev for reporting the problem.
-markus
|
