Users of pseudofs, please be advised that an Information Disclosure vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
[FreeBSD-SA-10:09.pseudofs] pseudofs Information Disclosure
I. Problem Description
The pfs_getextattr(9) function, used by pseudofs for handling extended
attributes, attempts to unlock a mutex which was not previously locked.
II. Impact
On systems where a pseudofs-using filesystem is mounted and NULL page
mapping is allowed, an attacker can overwrite arbitrary memory locations
in the kernel with zero, and in certain cases execute arbitrary code in
the context of the kernel.
On systems which do not allow NULL page mapping, an attacker can cause the
FreeBSD kernel to panic.
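A way to triage a host against the two conditions in section II, as an added example that is not part of the advisory. It assumes procfs and linprocfs are the pseudofs-based filesystems of interest and that NULL page mapping is governed by the security.bsd.map_at_zero sysctl, with a missing value treated as allowed; the mount tables are constructed samples.

```shell
#!/bin/sh
# Added example: classify a host's exposure per section II of the advisory.
# Assumptions (not stated on the page): procfs and linprocfs are the
# pseudofs-based filesystems checked for, and NULL page mapping is read
# from the security.bsd.map_at_zero sysctl (1 = allowed, 0 = denied).

# $1 = `mount -p` (fstab-format) output.
# Prints "mountpoint (fstype)" for each pseudofs-based filesystem found.
pseudofs_mounts() {
    printf '%s\n' "$1" |
        awk '$3 == "procfs" || $3 == "linprocfs" { print $2 " (" $3 ")" }'
}

# $1 = `mount -p` output, $2 = value of security.bsd.map_at_zero.
# Prints one of: not-exposed, kernel-panic, kernel-memory-overwrite
classify_exposure() {
    mounts=$(pseudofs_mounts "$1")
    if [ -z "$mounts" ]; then
        # No pseudofs-using filesystem mounted: precondition not met.
        echo "not-exposed"
    elif [ "$2" = "0" ]; then
        # NULL page mapping denied: the advisory's panic case.
        echo "kernel-panic"
    else
        # 1, or sysctl missing/unreadable: treated as allowed
        # (conservative assumption), the advisory's overwrite case.
        echo "kernel-memory-overwrite"
    fi
}

# Constructed sample mount tables (not taken from a real host).
SAMPLE_MOUNTS='/dev/ada0p2 / ufs rw 1 1
devfs /dev devfs rw 0 0
procfs /proc procfs rw 0 0
linprocfs /compat/linux/proc linprocfs rw 0 0'
SAMPLE_NO_PFS='/dev/ada0p2 / ufs rw 1 1
devfs /dev devfs rw 0 0'

# On a live FreeBSD host, feed in the real values instead:
#   classify_exposure "$(mount -p)" \
#       "$(sysctl -n security.bsd.map_at_zero 2>/dev/null)"
echo "pseudofs mounts in sample:"
pseudofs_mounts "$SAMPLE_MOUNTS"
echo "map_at_zero=1: $(classify_exposure "$SAMPLE_MOUNTS" 1)"
echo "map_at_zero=0: $(classify_exposure "$SAMPLE_MOUNTS" 0)"
echo "no pseudofs:   $(classify_exposure "$SAMPLE_NO_PFS" 1)"
```

Unmounting the listed filesystems where they are not needed removes the precondition for both outcomes until the vendor fix is applied.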