20th Aug 2002 [SBWID-5644]
COMMAND
FreeBSD boundary checking errors involving signed integers
SYSTEMS AFFECTED
All releases of FreeBSD up to and including 4.6.1-RELEASE-p10
PROBLEM
Thanks to Silvio Cesare [silvio@qualys.com], in FreeBSD security
advisory [FreeBSD-SA-02:38.signed-error]:
--snipp--
The issue described in this advisory affects the accept(2),
getsockname(2), and getpeername(2) system calls, and the vesa(4)
FBIO_GETPALETTE ioctl(2).
--snapp--
A few system calls were identified that contained assumptions that a
given argument was always a positive integer, while in fact the
argument was handled as a signed integer. As a result, the boundary
checking code would fail if the system call were entered with a
negative argument.
--snipp--
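The failure mode the advisory describes, as an added example that is not FreeBSD kernel source and not taken from the patch: a caller-supplied length held in a signed int passes an upper-bound check when negative, then becomes a huge size once converted for the copy. The names copy_len_flawed, copy_len_checked, getname_model and the 16-byte SA_LEN are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SA_LEN 16   /* size of the kernel-side object (constructed value) */

/* Flawed pattern: the length is a signed int, so a negative value passes
 * the upper-bound clamp untouched and turns into a huge size_t.
 * Returns the byte count that would be handed to the copy routine. */
size_t copy_len_flawed(int user_len)
{
    int len = user_len;
    if (len > SA_LEN)          /* -1 > 16 is false, so no clamp happens */
        len = SA_LEN;
    return (size_t)len;        /* -1 converts to the maximum size_t */
}

/* Checked pattern: reject negative lengths, then clamp as unsigned. */
int copy_len_checked(int user_len, size_t *out)
{
    if (user_len < 0)
        return EINVAL;
    *out = (size_t)user_len > SA_LEN ? SA_LEN : (size_t)user_len;
    return 0;
}

/* Model of the copy-out step, using the checked length only. */
int getname_model(char *dst, int user_len, size_t *copied)
{
    static const char kaddr[SA_LEN] = "sample-address";   /* constructed */
    int err = copy_len_checked(user_len, copied);
    if (err == 0)
        memcpy(dst, kaddr, *copied);
    return err;
}

int main(void)
{
    char buf[SA_LEN];
    size_t n = 0;
    printf("flawed(8)=%zu flawed(64)=%zu flawed(-1)=%zu\n",
           copy_len_flawed(8), copy_len_flawed(64), copy_len_flawed(-1));
    printf("checked(-1) -> %d\n", getname_model(buf, -1, &n));
    int rc = getname_model(buf, 64, &n);
    printf("checked(64) -> %d, %zu bytes\n", rc, n);
    return 0;
}
```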
SOLUTION
Upgrade your vulnerable system to 4.6.2-RELEASE or 4.6-STABLE.
Check the diffs:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch