This page is READ-ONLY. It is generated from the old site.
All timestamps are relative to 2013 (when this page is generated).
If you are looking for TeX support, please go to VietTUG.org

FreeBSD: Spurious mutex unlock

lại bị lỗi nữa. kỳ :)
Added by over 2 years ago  »  Votes: 1/1

Cf.: http://security.freebsd.org/advisories/FreeBSD-SA-10:09.pseudofs.asc

FreeBSD-SA-10:09.pseudofs                                   Security Advisory
                                                          The FreeBSD Project

Topic:          Spurious mutex unlock

Category:       core
Module:         pseudofs
Announced:      2010-11-10
Credits:        Przemyslaw Frasunek
Affects:        FreeBSD 7.x prior to 7.3-RELEASE, 8.x prior to 8.0-RC1
Corrected:      2009-09-05 13:10:54 UTC (RELENG_8, 8.0-RC1)
                2009-09-05 13:31:16 UTC (RELENG_7, 7.2-STABLE)
                2010-11-10 23:36:13 UTC (RELENG_7_1, 7.1-RELEASE-p15)
CVE Name:       CVE-2010-4210

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

pseudofs offers an abstract API for pseudo file systems which is utilized by
procfs(5) and linprocfs(5).  It provides generic file system services such
as ACLs, extended attributes which interface with VFS and which are otherwise
onerous to implement.  This enables pseudo file system authors to add this
functionality to their file systems with minimal effort.

II.  Problem Description

The pfs_getextattr(9) function, used by pseudofs for handling extended
attributes, attempts to unlock a mutex which was not previously locked.

III. Impact

On systems where a pseudofs-using filesystem is mounted and NULL page
mapping is allowed, an attacker can overwrite arbitrary memory locations
in the kernel with zero, and in certain cases execute arbitrary code in
the context of the kernel.

On systems which do not allow NULL page mapping, an attacker can cause the
FreeBSD kernel to panic.

[snip]

Comments