VULHUB ™

A vulnerability has been reported in the FreeBSD system. Reportedly, the fpathconf and lseek system calls are affected by vulnerabilities that may lead to a kernel integer overflow condition. The FreeBSD kernel maintains an internal reference counter for any open files. This counter is incremented with a fhold() call and decremented with a fdrop() call. Reportedly, the fpathconf and lseek system calls do not issue a fdrop() call. This issue can be exploited by a local attacker by invoking repeatedly these system calls to eventually overflow the file reference counter. An attacker who exploits this vulnerability may cause the system to panic or to obtain root privileges on the vulnerable system.

A vulnerability has been reported in the FreeBSD system. Reportedly, the fpathconf and lseek system calls are affected by vulnerabilities that may lead to a kernel integer overflow condition. The FreeBSD kernel maintains an internal reference counter for any open files. This counter is incremented with a fhold() call and decremented with a fdrop() call. Reportedly, the fpathconf and lseek system calls do not issue a fdrop() call. This issue can be exploited by a local attacker by invoking repeatedly these system calls to eventually overflow the file reference counter. An attacker who exploits this vulnerability may cause the system to panic or to obtain root privileges on the vulnerable system.