Users login

Create an account »


Users login

Home » Security Advisories» FreeBSD » Buffer overflow in modstat

Buffer overflow in modstat

The modstat program has always been installed setuid kmem. Within the program, a buffer overflow can occur.

  • Vendor: FreeBSD
  • Vendor ID: SA-96:19
  • Date: December 10, 1996


FreeBSD-SA-96:19 Security Advisory
FreeBSD, Inc.

Topic: Buffer overflow in modstat

Category: core
Module: modstat
Announced: 1996-12-10
Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1.5, 2.1.6,
Corrected: FreeBSD-current as of 1996/08/08
FreeBSD only: no



I. Background

The modstat program is used to display status of loaded kernel modules.
It is standard software in the FreeBSD operating system.

II. Problem Description

The modstat program has always been installed setuid kmem. Within
the program, a buffer overflow can occur.

III. Impact
Local users can gain kmem privileges.

IV. Workaround

Modstat does not need to be setuid kmem. It is thus sufficient to
do the following:
cd /usr/bin
chmod 555 modstat
This effectively clears the setuid bit on the modstat program.

V. Solution

Apply the following patch:
(This patch can also be found on

Index: Makefile
RCS file: /home/freebsd/CVS/src/usr.bin/modstat/Makefile,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
- --- Makefile 1994/08/19 12:14:02 1.1
+++ Makefile 1996/05/30 02:19:03 1.2
@@ -38,7 +38,5 @@

PROG= modstat
MAN8= modstat.8
- -BINGRP= kmem
- -BINMODE=2555

Index: modstat.c
RCS file: /home/freebsd/CVS/src/usr.bin/modstat/modstat.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
- --- modstat.c 1995/04/20 05:08:53 1.3
+++ modstat.c 1996/08/08 07:58:07 1.4
@@ -72,8 +72,9 @@
struct lmc_stat sbuf;

+[MAXLKMNAME - 1] = '\0'; /* In case strncpy limits the string. */
if (modname != NULL)
- - strcpy(, modname);
+ strncpy(, modname, MAXLKMNAME - 1); = modnum;

FreeBSD, Inc.

Web Site:
Confidential contacts: [email protected]
PGP Key:
Security notifications: [email protected]
Security public discussion: [email protected]

Notice: Any patches in this document may not apply cleanly due to
modifications caused by digital signature or mailer software.
Please reference the URL listed at the top of this document
for original copies of all patches if necessary.

Version: 2.6.2


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »