informa
Products & Releases

Norse Discovers Buffer Overflow Vulnerability In FreeBSD

Norse Discovers Buffer Overflow Vulnerability In FreeBSD

SAN MATEO, Calf., December 10, 2014 — Norse, the leader in live attack intelligence, today announced that its engineering team discovered a buffer overflow vulnerability in FreeBSD, which was shared with the FreeBSD security team and announced in their FreeBSD-SA-14:27.stdio security advisory.
 
In the course of new product development, Adrian Chadd, senior kernel engineer at Norse, and Alfred Perlstein, director, appliance and kernel at Norse, discovered a programming error creating a buffer overflow in the stdio (standard I/O) library's __sflush( ) function. Such overflows may lead to data corruption, or the execution of arbitrary code, at higher privilege levels. This error could erroneously adjust the buffered stream's internal state even when no “write” actually occurred in the case when “write (2)” system call returns an error. The accounting mismatch would accumulate if the caller does not check for stream status and would eventually lead to a heap buffer overflow.
 
With no workaround possible for the error, Perlstein and Chadd created a possible code fix and submitted it to the FreeBSD community for general release.
 
“Norse appreciates the diligence of our development team, and the assistance of the FreeBSD security team with this process of responsible disclosure,” said Tim O’Brien, director of security threat intelligence for Norse. “Norse is committed to responsible disclosure, and supporting open source software. This is a great example of developers working with and improving an open source project, with full support of their employer. This directly influences our common objective of a safer Internet for everyone.”
 
FreeBSD is an advanced computer operating system employed to power modern servers, desktops and embedded platforms with broad support from a large community of developers throughout the world.
 
About Norse
Norse is the leader in live, machine-readable attack intelligence. Norse delivers continuously-updated, demonstrably unique Internet and darknet intel that helps organizations block the attacks that other systems miss. The global Norse DarkMatter sensor network processes hundreds of terabytes of Internet traffic and malware daily and computes over 1500 distinct risk factors, live, for millions of IP addresses and URLs every day. Norse data is curated by a highly trained team of professional cyber- and human-intelligence analysts to deliver the superior information our high-stakes customers demand. For more information, visit www.norse-corp.com.
 
Media and analyst contact:
Corman Communications, LLC
Patrick Corman, +1-650-326-9648 or +1-650-465-5973 (mobile)
[email protected]

Recommended Reading: