Vigil@nce - FreeBSD: memory leak via the directory cache with Capsicum
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a memory leak in the directory cache of
FreeBSD, in order to trigger a denial of service.
Impacted products: FreeBSD
Severity: 2/4
Creation date: 22/10/2014
DESCRIPTION OF THE VULNERABILITY
FreeBSD manages a cache of recently accessed directories, in order
to accelerate file path resolution. Capsicum is a set of kernel
functions that allow processes to be isolated in a sandbox.
However, when a process is sandboxed with Capsicum and tries to
access nonexistent file paths, the memory allocated to fill the
directory cache is not freed in vfs_lookup.c. Repeated lookups
therefore exhaust kernel memory, and such a leak leads to a kernel
failure.
An attacker can therefore create a memory leak in the directory
cache of FreeBSD, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-memory-leak-via-the-directory-cache-with-Capsicum-15516