Integer overflow in the f_count counter in FreeBSD prior to 4.2 up to and including 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freebsd freebsd 2.1.6 |
||
freebsd freebsd 2.1.6.1 |
||
freebsd freebsd 2.1.7 |
||
freebsd freebsd 2.2.5 |
||
freebsd freebsd 1.1.5.1 |
||
freebsd freebsd 2.2.1 |
||
freebsd freebsd 2.2.2 |
||
freebsd freebsd 2.2 |
||
freebsd freebsd 3.1 |
||
freebsd freebsd 4.10 |
||
freebsd freebsd 4.3 |
||
freebsd freebsd 4.4 |
||
freebsd freebsd 4.9 |
||
freebsd freebsd 2.2.6 |
||
freebsd freebsd 3.4 |
||
freebsd freebsd 3.5 |
||
freebsd freebsd 4.11 |
||
freebsd freebsd 4.6 |
||
freebsd freebsd 2.1.0 |
||
freebsd freebsd 2.1.5 |
||
freebsd freebsd 2.2.3 |
||
freebsd freebsd 2.2.4 |
||
freebsd freebsd 3.2 |
||
freebsd freebsd 3.3 |
||
freebsd freebsd 4.5 |
||
freebsd freebsd 5.0 |
||
freebsd freebsd 2.1.7.1 |
||
freebsd freebsd 2.2.7 |
||
freebsd freebsd 2.2.8 |
||
freebsd freebsd 3.5.1 |
||
freebsd freebsd 4.2 |
||
freebsd freebsd 4.7 |