CVS: cvs.openbsd.org: src

From: David Gwynne (dlgcvs.openbsd.org)
Date: Mon Jun 21 2010 - 08:28:09 CDT


CVSROOT: /cvs
Module name: src
Changes by: dlgcvs.openbsd.org 2010/06/21 07:28:09

Modified files:
        sys/dev : vscsi.c

Log message:
fix an integer arithmetic overflow.

An attacker can get past the ENOMEM check in vscsi_data() by first
reading/writing 1 byte and then reading/writing 0xffffffff bytes.

found and fixed by matthew dempsky
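
The wraparound described in the log message, as an added example that is not the vscsi.c source or the committed fix: a constructed model with hypothetical names (`struct xfer`, `check_additive`, `check_subtractive`, `replay`) and an assumed 32-bit length counter. It shows an additive bounds check beside a subtraction-based one, run over the 1 byte then 0xffffffff byte sequence.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: `done` bytes already transferred out of a buffer
 * of `total` bytes. Field and function names are hypothetical. */
struct xfer {
	uint32_t total;
	uint32_t done;
};

typedef int (*check_fn)(const struct xfer *, uint32_t);

/* Weak form: the sum is taken modulo 2^32, so it can wrap to a small
 * value before it is compared against the buffer size. */
static int check_additive(const struct xfer *x, uint32_t len)
{
	if ((uint32_t)(x->done + len) > x->total)
		return ENOMEM;
	return 0;
}

/* Hardened form: compare the request against the space remaining.
 * total - done cannot wrap once done <= total has been established. */
static int check_subtractive(const struct xfer *x, uint32_t len)
{
	if (x->done > x->total || len > x->total - x->done)
		return ENOMEM;
	return 0;
}

/* Replay the sequence from the log message against one check and
 * return the verdict on the second request (-1 if the first fails). */
static int replay(check_fn check)
{
	struct xfer x = { .total = 4096, .done = 0 };	/* constructed size */

	if (check(&x, 1) != 0)
		return -1;
	x.done += 1;			/* first request: 1 byte accepted */
	return check(&x, 0xffffffffU);	/* 1 + 0xffffffff == 0 in 32 bits */
}

int main(void)
{
	printf("additive check:    %d\n", replay(check_additive));
	printf("subtractive check: %d\n", replay(check_subtractive));
	return 0;
}
```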