FreeBSD -- Heap overflow vulnerability in bspatch
The implementation of bspatch is susceptible to integer
overflows with carefully crafted input, potentially allowing
an attacker who can control the patch file to write at
arbitrary locations in the heap. This issue was partially
addressed in FreeBSD-SA-16:25.bspatch, but some possible
integer overflows remained.
An attacker who can control the patch file can cause a
crash or run arbitrary code under the credentials of the
user who runs bspatch, which in many cases is root.
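The class of check this advisory concerns, as an added example that is not FreeBSD's code or its patch: a bsdiff-format patch drives the patcher with control triples (add length, copy length, seek), and each triple has to be validated with arithmetic that cannot overflow before anything is written to the heap buffer for the new file. All names here (`patch_state`, `apply_ctrl`, `try_ctrl`) are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical model of the patcher's cursors; names are not FreeBSD's. */
struct patch_state {
    int64_t oldpos;  /* read cursor in the old file */
    int64_t newpos;  /* write cursor in the heap buffer holding the new file */
    int64_t newsize; /* size of that heap buffer */
};

/* Signed addition that reports overflow instead of performing it. */
static bool add_checked(int64_t a, int64_t b, int64_t *out)
{
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Validate one control triple, then advance the cursors. Returns false and
 * leaves *s untouched if a write would fall outside the new-file buffer. */
bool apply_ctrl(struct patch_state *s, int64_t add_len, int64_t copy_len, int64_t seek)
{
    int64_t room, oldpos;
    if (s->newsize < 0 || s->newpos < 0 || s->newpos > s->newsize)
        return false;
    if (add_len < 0 || copy_len < 0)
        return false;
    /* Compare against the room left: newsize - newpos cannot overflow here,
     * whereas newpos + add_len can overflow and slip past a "> newsize" test. */
    room = s->newsize - s->newpos;
    if (add_len > room || copy_len > room - add_len)
        return false;
    /* The old-file cursor moves by add_len, then by the signed seek. */
    if (!add_checked(s->oldpos, add_len, &oldpos) ||
        !add_checked(oldpos, seek, &oldpos))
        return false;
    s->oldpos = oldpos;
    s->newpos += add_len + copy_len;
    return true;
}

/* Test helper: resulting newpos, or -1 if the triple is rejected. */
int64_t try_ctrl(int64_t oldpos, int64_t newpos, int64_t newsize,
                 int64_t add_len, int64_t copy_len, int64_t seek)
{
    struct patch_state s = { oldpos, newpos, newsize };
    return apply_ctrl(&s, add_len, copy_len, seek) ? s.newpos : -1;
}
```

This covers only the arithmetic on the cursors; reads from the old file at `oldpos` still need their own range check.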
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright