-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:22.mmap Security Advisory FreeBSD, Inc. Topic: mmap/msync denial of service Category: core Module: net Announced: 2002-04-18 Credits: Harry Newton Matt Dillon Affects: All releases of FreeBSD up to and including 4.5-RELEASE 4.5-STABLE prior to the correction date Corrected: 2002-03-08 17:22:20 UTC (RELENG_4) 2002-04-15 17:14:28 UTC (RELENG_4_5) 2002-04-15 17:18:12 UTC (RELENG_4_4) FreeBSD only: YES I. Background The mmap(2) and msync(2) system calls are part of the memory mapped I/O API. II. Problem Description A bug existed in the virtual memory management system involving a failure to check for the existence of a VM object during page invalidation. This bug could be triggered by calling msync(2) on an anonymous, asynchronous memory map (i.e. created using the mmap flags MAP_ANON and MAP_NOSYNC) which had not been accessed previously. III. Impact Local users may cause the system to crash. IV. Workaround None. V. Solution 1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the RELENG_4_5 (4.5-RELEASE-p3) or RELENG_4_4 (4.4-RELEASE-p10) security branches dated after the respective correction dates. 2) To patch your present system: a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:22/mmap.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:22/mmap.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in the FreeBSD ports collection. Path Revision Branch - ------------------------------------------------------------------------- sys/vm/vm_map.c RELENG_4 1.187.2.13 RELENG_4_5 1.187.2.12.2.1 RELENG_4_4 1.187.2.9.2.1 - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPL8Rs1UuHi5z0oilAQFlZwP8CUMHSJ7p0ODbcPty+ugWwOTgYeiI9A2K P3ezU/PZmEU3Opb864q+J2lhudBUW0NSmVCW4PWdiaPq7Rbhic5QZ7J4eCMPbyKe IjSVmSsqvJhjEcHW8i7w0PCe1+hKWWRm1Z2X9SvWNVJqpfkggGdJQMZKNH1lJQN8 6Dm26nElyww= =/H3G -----END PGP SIGNATURE-----