CVE-2004-0618

Vulnerability

FreeBSD 5.1-RELEASE on the Alpha processor is vulnerable to a local denial-of-service condition due to an unaligned memory access fault in the execve system call [1]. When the second or third argument to execve points to an unaligned address, the kernel triggers a fatal trap (unaligned access fault) and panics. The IA32 architecture is not affected. Other FreeBSD versions and architectures may also be vulnerable, but the advisory specifically confirms the issue on FreeBSD 5.1-RELEASE/Alpha [1].

Exploitation

An attacker with local shell access can exploit this vulnerability by compiling and executing a small C program that calls execve with an unaligned pointer as the argv or envp argument [1]. For example, passing (int *)(main + 1) as the second argument causes the kernel to attempt an unaligned memory access, leading to a system crash. No special privileges or user interaction beyond executing the program are required.

Impact

Successful exploitation results in a kernel panic, causing an immediate denial of service (system crash) [1]. The system becomes unavailable until rebooted. There is no privilege escalation or data corruption; the impact is limited to availability.

Mitigation

No official patch or fix was disclosed in the available reference [1]. The vulnerability is specific to FreeBSD 5.1-RELEASE/Alpha; users could mitigate the risk by restricting local user access or upgrading to a later FreeBSD release that may have addressed the issue. However, no specific fixed version is mentioned.