FreeBSD FFS integer overflow file system corruption

freebsd-ffs-integer-overflow (9771) The risk level is classified as HighHigh Risk

Description:

An integer overflow vulnerability in the Berkeley Fast File System (FFS) in FreeBSD could allow a local attacker to overwrite and corrupt files on the file system. A local attacker could create a file that is larger than the file size allowed by the virtual memory system, which would allow the attacker to read or write to arbitrary blocks of memory on the FFS file system. An attacker could use this vulnerability to cause a denial of service or gain elevated privileges on the system.


Consequences:

Gain Privileges

Remedy:

For FreeBSD 4.6.1-Release-p4 and earlier and 4.6-STABLE:
Upgrade to the latest FreeBSD package dated after the correction date, as listed in FreeBSD Security Advisory FreeBSD-SA-02:35. See References.

— OR —

Apply the ffs patch, as listed in FreeBSD Security Advisory FreeBSD-SA-02:35.

As a workaround, follow the instructions listed in FreeBSD Security Advisory FreeBSD-SA-02:35.

References:

  • FreeBSD Security Advisory FreeBSD-SA-02:35.ffs : local users may read and write arbitrary blocks on an FFS filesystem.
  • BID-5399: FreeBSD Arbitrary FFS Filesystem Data Block Access Vulnerability
  • CVE-2002-0829: Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
  • OSVDB ID: 5073: Berkeley FFS Large File Integer Overflow

Platforms Affected:

  • FreeBSD FreeBSD 4.0
  • FreeBSD FreeBSD 4.1
  • FreeBSD FreeBSD 4.1.1
  • FreeBSD FreeBSD 4.2
  • FreeBSD FreeBSD 4.3
  • FreeBSD FreeBSD 4.4
  • FreeBSD FreeBSD 4.5
  • FreeBSD FreeBSD 4.6
  • FreeBSD FreeBSD 4.6.1

Reported:

Aug 05, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page