COMMAND
	    kernel
SYSTEMS AFFECTED
	    FreeBSD 3.2 (and earlier), FreeBSD-Current before August 11, 1999
PROBLEM
	    FreeBSD provides a  mechanism to profile  a running executable  to
	    aid in performance tuning.  This can be accomplished via a  kernel
	    mechanism  to  statistically  sample  the  program  counter of the
	    program under profile.  A flaw exists in the implementation  which
	    allows  an  attacker  to  cause  arbitrary  locations  in  program
	    executed  by  the  attacker.    No  attacks  against  using   this
	    vulnerability this  are known  at this  time.    An attacker could
	    theoretically gain root access from a carefully crafted attack.
SOLUTION
	    Since profiling  is done  in the  kernel via  the profil(2) system
	    call, one  must patch  the kernel  so no  workaround is  possible.
	    Apply the following patch.  It will apply to both  FreeBSD-current
	    before the resolution date and to 3.2-stable before the resolution
	    date.
	
	    Index: kern_exec.c
	    ===================================================================
	    RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/kern_exec.c,v
	    retrieving revision 1.99
	    retrieving revision 1.100
	    diff -u -r1.99 -r1.100
	    --- kern_exec.c     1999/04/27 11:15:55     1.99
	    +++ kern_exec.c     1999/08/11 20:35:38     1.100
	        @@ -228,6 +228,9 @@
	                fdfree(p);
	                p->p_fd = tmp;
	        }
	    +
	    +   /* Stop profiling */
	    +   stopprofclock(p);
	        /* close files on exec */
	        fdcloseexec(p);
	
	    Corrected:
	
	        FreeBSD-3.3 RELEASE
	        FreeBSD-current as of August 11, 1999
	        FreeBSD-3.2-stable as of August 22, 1999