Vigil@nce: FreeBSD, denial of service via xattr pseudofs
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can read extended attributes of a pseudofs filesystem
in order to generate a denial of service or escalate his
privileges.
– Severity: 2/4
– Creation date: 10/09/2010
DESCRIPTION OF THE VULNERABILITY
The pseudofs filesystem handles POSIX extended attributes (xattr).
The pfs_getattr() of the file sys/fs/pseudofs/pseudofs_vnops.c
access extended attributes.
However, when reading an attribute, a structure is freed before
being used. A NULL pointer is therefore dereferenced.
An attacker can therefore read extended attributes of a pseudofs
filesystem in order to generate a denial of service or escalate
his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-denial-of-service-via-xattr-pseudofs-9921