[原文]The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
FreeBSD and NetBSD contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sends an overly long length parameter to the iBCS2 system call translator for statfs(2), which will disclose kernel memory information resulting in a loss of confidentiality.
Upgrade to FreeBSD version 4.8-STABLE, RELENG_4_8 (4.8-RELEASE-p3), RELENG_4_7 (4.7-RELEASE-p13), or RELENG_5_1 (5.1-RELEASE-p2) security branches or higher, as it has been reported to fix this vulnerability. Also, FreeBSD has released a patch.
Upgrade to NetBSD version 1.5.4 or 1.6, as it has been reported to fix this vulnerability. Also, NetBSD has released a patch.