tech-security: Is this known?

Subject: Is this known?
To: None <tech-security@netbsd.org>
From: Simas Mockevicius <symka@netbsd.vejas.lt>
List: tech-security
Date: 02/06/2004 09:25:56

Hi folks,

 from deadly.org:
...
Pine Digital Security Advisory

Advisory ID : PINE-CERT-20040201 (CAN-2004-0114)
Authors : Joost Pol
Vendor Informed : 2004-02-01
Issue date : 2004-02-05
Application : kernel / sysv shared memory
Platforms : FreeBSD, NetBSD and OpenBSD
Availability : http://www.pine.nl/press/pine-cert-20040201.txt

Synopsis

         While gathering material for a security training Pine
         Digital Security encountered a reference count overflow
         condition which could lead to privilege escalation.

Versions

         Vulnerable versions include:

         FreeBSD >= 2.2.0, NetBSD >= 1.3 and OpenBSD >= 2.6

Impact

         Serious.

         Local users can elevate their privileges.

Description

         The shmat(2) function maps a shared memory segment, previously
         created with the shmget(2) function, into the address space of
         the calling process.

....


-- 
Sincerely,
Simas Mockevicius.