MOKB-08-11-2006: FreeBSD 6.1 UFS filesystem ffs_rdextattr() integer overflow

The UFS filesystem handling code of the FreeBSD 6.1 kernel fails to properly handle corrupted data structures, leading to exploitable memory corruption (DoS) issues and possible arbitrary code execution. This particular vulnerability is caused by an integer overflow, similar to MOKB-03-11-2006.

• More details and debug information
• Proof of concept: MOKB-08-11-2006.img.bz2
• Related to MOKB-03-11-2006: FreeBSD 6.1 UFS filesystem ffs_mountfs() integer overflow