Sign in / up

back to article FreeBSD crushes system-crashing bug

Sysadmins ought to patch their FreeBSD systems after an irritating bug was found in the kernel. A programming blunder involving integer signedness can be exploited by a logged-in user to crash a system. With the right parameters, you can trick the kernel into clearing too much of its heap memory with zeros via the sysarch …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. theOtherJT Silver badge

    Friday afternoon, is it?

    The operating system had an integer signedness error that resulted in a heap overflow in the kernel vulnerability

    I just got back from the pub, is it just me, or does that sentence not actually make sense?

    2 2 Reply
    1. Doctor Syntax Silver badge
      Reply Icon
      Pint

      Re: Friday afternoon, is it?

      Apart from signedness it looks as like a case of "all the right words but not necessarily in the right order". I'd have thought a visit to the pub might have helped you to mentally rearrange them. Maybe you should have stayed for another round.

      6 0 Reply
    2. Notas Badoff
      Reply Icon
      Pint

      Re: Friday afternoon, is it?

      LGTM; ship it!

      2 0 Reply
      1. Dan 55 Silver badge
        Reply Icon
        Trollface

        Re: Friday afternoon, is it?

        Should have stayed in the pub, the writer obviously did!

        (The operating system had a kernel vulnerability due to an integer signedness error that resulted in a heap overflow?)

        1 0 Reply
    3. User McUser
      Reply Icon
      Pint

      Re: Friday afternoon, is it?

      I just got back from the pub, is it just me, or does that sentence not actually make sense?

      It's one of those "I shot an elephant in my pajamas" parsing issues that make English such a great language.

      The vulnerability is of the "heap overflow in the kernel" type, rather than there being a "heap overflow" in the "kernel vulnerability."

      2 0 Reply
    4. PhoenixRevealed
      Reply Icon

      Re: Friday afternoon, is it?

      While clumsy, it is grammatically correct. I suspect what has you flummoxed is the last part, which sounds like it should end after the word "kernel". The integer signedness fault, however, doesn't cause a heap overflow in the kernel, it makes the kernel VULNERABLE to a heap overflow.

      Clear as mud.

      2 0 Reply
  2. storner
    WTF?

    Out-of-order execution perhaps?

    a means for local unprivileged attackers to crash the system before executing arbitrary code

    Me thinks crashing the system would prevent any code - arbitrary or not - from running, no?

    3 0 Reply
    1. PNGuinn
      Reply Icon
      Headmaster

      Re: Out-of-order execution perhaps?

      In the English Language?

      4 0 Reply
  3. The Count

    I'm starting to think

    The English language has become to complicated for the English citizenry to understand. No wonder I never understand all those references to 1960s era TV show.

    1 0 Reply
  4. Anonymous Coward
    Linux

    FreeBSD critical bug

    There's something you don't hear about every other day.... unlike -->

    Happy to say I heard it first from the freebsd security advisories mailing list, not here!

    2 1 Reply
  5. captain veg Silver badge

    I might as well be first

    Having not been to the pub, allow me to be first to point out that *BSD is not "Unix-like".

    -A.

    6 2 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: I might as well be first

      Yup. The *BSDs are derivatives of BSD Unix, itself derived from an early version of AT&T Unix which was unencumbered open-source (historically the norm, except for the last two decades of the 20th century).

      1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like