FreeBSD developers VANQUISH Demon bug
Hostile code injection averted
Developers have quashed a potentially nasty security bug in FreeBSD.
Security researchers at Norse discovered a programming error creating a buffer overflow in the stdio (standard I/O) library's __sflush() function. The bug created a possible mechanism to inject hostile code into vulnerable systems running the open source software.
"This error could erroneously adjust the buffered stream's internal state even when no 'write' actually occurred in the case when 'write(2)' system call returns an error," Norse explained in a statement.
"The accounting mismatch would accumulate if the caller does not check for stream status and would eventually lead to a heap buffer overflow."
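The accounting mismatch Norse describes can be reproduced in a small model. The C program below is an added example, not FreeBSD's __sflush() code or Norse's patch: the stream struct, CAP, sink_write, flush, put and count_oob are hypothetical names, and the model reports an out-of-bounds store instead of performing it.

```c
#include <stddef.h>
#include <stdio.h>
#define CAP 8                         /* toy buffer capacity (assumption) */

struct stream {                       /* hypothetical model, not FreeBSD's FILE */
    unsigned char buf[CAP];
    size_t used;                      /* bytes currently held in buf */
    size_t space;                     /* bytes the stream believes are free */
    int err;                          /* sticky error flag the caller may ignore */
};

/* Constructed stand-in for write(2): fails with -1 when the sink is broken. */
static long sink_write(int sink_ok, size_t n) { return sink_ok ? (long)n : -1; }

static int flush(struct stream *s, int sink_ok, int fixed) {
    if (sink_write(sink_ok, s->used) < 0) {
        s->err = 1;
        if (!fixed)
            s->space = CAP;           /* flaw: space credited, nothing was written */
        return -1;                    /* fixed: counters untouched on failure */
    }
    s->used = 0; s->space = CAP;      /* success: the buffer really is empty now */
    return 0;
}

/* Buffer one byte; returns 1 when the store would land outside buf. */
static int put(struct stream *s, unsigned char c, int sink_ok, int fixed) {
    if (s->space == 0 && flush(s, sink_ok, fixed) != 0 && s->space == 0)
        return 0;                     /* no room and flush failed: byte dropped */
    if (s->used >= CAP)
        return 1;                     /* model reports the overflow, never performs it */
    s->buf[s->used++] = c;
    s->space--;
    return 0;
}

/* A caller that never checks s.err; counts stores that would overflow. */
size_t count_oob(size_t nbytes, int sink_ok, int fixed) {
    struct stream s = { {0}, 0, CAP, 0 };
    size_t oob = 0;
    for (size_t i = 0; i < nbytes; i++)
        oob += (size_t)put(&s, (unsigned char)i, sink_ok, fixed);
    return oob;
}

int main(void) {
    printf("flawed=%zu fixed=%zu\n", count_oob(20, 0, 0), count_oob(20, 0, 1));
    return 0;
}
```

With a failing sink, the flawed variant keeps accepting bytes because its free-space counter no longer matches the buffer contents; the fixed variant leaves the counters alone, so a caller that ignores the error flag only loses data.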
Norse reported the finding to FreeBSD's security team, which responded by releasing a FreeBSD-SA-14:27.stdio security advisory. The security researchers who discovered the flaw helped develop the fix.
Adrian Chadd, senior kernel engineer at Norse, and Alfred Perlstein, director, appliance and kernel at Norse, created a possible code fix and submitted it to the FreeBSD community for general release.
More details on the impact of the flaw - and how to fix it - can be found in either FreeBSD's advisory or a blog post by Norse.