Vigil@nce - NetBSD: disabled amd64 NX
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
On an amd64 processor, the NetBSD kernel does not manage the NX
bit, so an attack can be easier.
Severity: 2/4
Creation date: 27/04/2010
DESCRIPTION OF THE VULNERABILITY
The NX (No eXecute) bit of some processors disables code execution
in a page memory. When this bit is set, memory corruption attacks
are harder to exploit.
The init_x86_64() function initializes the environment of amd64
processors, in the source code of the NetBSD kernel. However, this
function and descending ones incorrectly reset the NX bit. This
protection is therefore always disabled.
On an amd64 processor, the NetBSD kernel thus does not manage the
NX bit, so an attack can be easier.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/NetBSD-disabled-amd64-NX-9612