Vigil@nce: FreeBSD, denial of service via PE/COFF
July 2009 by Vigil@nce
A local attacker can run a binary in PE/COFF format in order to
stop the system.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: low (1/3)
– Creation date: 21/07/2009
IMPACTED PRODUCTS
– FreeBSD
DESCRIPTION OF THE VULNERABILITY
The PE/COFF (Portable Executable / Common Object File Format) format
is mainly used to represent binaries (EXE, DLL) under Windows. The
gcc compiler can generate this format, but it is rarely used under
Unix. The FreeBSD kernel supports this format when it is compiled
with the PECOFF_SUPPORT option, or when the pecoff module is loaded.
If a PE/COFF binary has a header containing an invalid address, the
FreeBSD kernel uses this address without checking it, which
generates an error.
A local attacker can therefore run a binary in PE/COFF format in
order to stop the system.
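Since only kernels built with PECOFF_SUPPORT or with the pecoff module loaded are affected, an exposure check can be run over saved `kldstat` output and the kernel configuration file. The script below is an added example, not part of the advisory; it assumes the module is listed as `pecoff.ko`, and the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): is kernel PE/COFF support enabled?
# Works on saved text so it can be run offline:
#   $1 = file with `kldstat` output, $2 = kernel configuration file.

# Succeeds if kldstat output lists pecoff.ko (header line skipped).
# Assumption: the module shows up under the file name pecoff.ko.
pecoff_module_loaded() {
    awk 'NR > 1 && $NF == "pecoff.ko" { found = 1 } END { exit !found }' "$1"
}

# Succeeds if the config enables PECOFF_SUPPORT. Strips "#" comments and
# accepts comma-separated "options A, B" lists and NAME=value forms.
pecoff_option_set() {
    awk '
        { sub(/#.*/, "") }
        $1 == "options" {
            sub(/^[ \t]*options[ \t]+/, "")
            n = split($0, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                sub(/=.*/, "", opts[i]); gsub(/[ \t]/, "", opts[i])
                if (opts[i] == "PECOFF_SUPPORT") found = 1
            }
        }
        END { exit !found }
    ' "$1"
}

# Prints one verdict line for the pair of input files.
pecoff_exposure() {
    if pecoff_module_loaded "$1"; then echo "exposed: pecoff module loaded"
    elif pecoff_option_set "$2"; then echo "exposed: PECOFF_SUPPORT compiled in"
    else echo "not exposed"
    fi
}

# Constructed sample inputs (not taken from a real host), written into dir $1.
write_samples() {
    printf '%s\n' 'Id Refs Address    Size     Name' \
        ' 1    4 0xc0400000 9fab28   kernel' \
        ' 2    1 0xc4a31000 6000     pecoff.ko' > "$1/kldstat_loaded.txt"
    printf '%s\n' 'Id Refs Address    Size     Name' \
        ' 1    4 0xc0400000 9fab28   kernel' > "$1/kldstat_clean.txt"
    printf '%s\n' 'ident   CUSTOM' '#options PECOFF_SUPPORT' \
        'options  INET, PECOFF_SUPPORT   # constructed line' > "$1/conf_on"
    printf '%s\n' 'ident   GENERIC' 'options  INET' \
        '#options PECOFF_SUPPORT' > "$1/conf_off"
}

if [ "$#" -eq 2 ]; then pecoff_exposure "$1" "$2"; fi
```

A commented-out `#options PECOFF_SUPPORT` line is ignored, so a configuration that only mentions the option in a comment is reported as not exposed.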
CHARACTERISTICS
– Identifiers: BID-35739, VIGILANCE-VUL-8876
– URL: http://vigilance.fr/vulnerability/FreeBSD-denial-of-service-via-PE-COFF-8876