Date: Wed, 12 May 2004 13:50:57 -0400
From: NetBSD Security-Officer <security-officer@netbsd.org.>
To: [email protected]
Subject: NetBSD Security Advisory 2004-007: Systrace systrace_exit() local root
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2004-007
Topic: Systrace systrace_exit() local root
Version:  NetBSD-current:     source prior to Apr 16, 2004
          NetBSD 2.0 branch:  source prior to Apr 16, 2004
          NetBSD 1.6.2:       not affected
          NetBSD 1.6.1:       not affected
          NetBSD 1.6:         not affected
          NetBSD-1.5.3:       not affected
          NetBSD-1.5.2:       not affected
          NetBSD-1.5.1:       not affected
          NetBSD-1.5:         not affected
Severity: local root exploit
Fixed:    NetBSD-current:     Apr 17, 2004
          NetBSD-2.0 branch:  Apr 17, 2004 (2.0 will include the fix)
Abstract
========
A local user that is allowed to use /dev/systrace can obtain root
access.
Technical Details
=================
systrace_exit() did not check if the connection to systrace was owned by
the super user, and would set euid to 0 on exit.
Solutions and Workarounds
=========================
Patching from sources:
The fix for this issue is contained in the one file,
sys/kern/kern_systrace.c
The following table lists the fixed revisions and
dates of this file for each branch:
CVS branch      revision      date
-------------   -----------   ----------------
HEAD            1.38          2004/04/17
netbsd-2-0      1.37.2.1      2004/04/17
The following instructions describe how to upgrade your kernel
binaries by updating your source tree and rebuilding and installing a
new version of the kernel. In these instructions, replace:
BRANCH with the appropriate CVS branch (from the above table)
ARCH with your architecture (from uname -m), and
KERNCONF with the name of your kernel configuration file.
To update from CVS, re-build, and re-install the kernel:
# cd src
# cvs update -d -P -r BRANCH sys/kern/kern_systrace.c
# cd sys/arch/ARCH/conf
# config KERNCONF
# cd ../compile/KERNCONF
# make depend;make
# mv /netbsd /netbsd.old
# cp netbsd /
# reboot
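To confirm that the tree carries a fixed revision before rebuilding, the check below reads the RCS ident line of sys/kern/kern_systrace.c and compares it with the table of fixed revisions. It is an added example, not part of the original advisory. The function names are hypothetical, revisions beginning 1.37.2. are assumed to be the netbsd-2-0 branch (per the table), and "pre-fix" means only that the revision is older than the fix.

```shell
#!/bin/sh
# Added example, not part of the NetBSD advisory. Function names are hypothetical.
# Fixed revisions come from the advisory's table: HEAD 1.38, netbsd-2-0 1.37.2.1.

# Print the revision from the first "$NetBSD: kern_systrace.c,v REV ..." line
# of the file given as $1 (or of stdin when no file is given).
systrace_rev() {
    cat "${1:--}" |
        sed -n 's/.*\$NetBSD: kern_systrace\.c,v \([0-9][0-9.]*\) .*/\1/p' |
        head -n 1
}

# Print "fixed", "pre-fix" or "unknown" for a revision string.
systrace_rev_status() {
    case "$1" in
    1.37.2.*)   # assumption: 1.37.2.x is the netbsd-2-0 branch, per the table
        n=${1#1.37.2.}; min=1 ;;
    1.*)        # trunk (HEAD) revisions have exactly two components
        n=${1#1.}; min=38 ;;
    *)
        echo unknown; return 0 ;;
    esac
    case "$n" in
    ''|*[!0-9]*) echo unknown ;;    # another branch or malformed: do not guess
    *) if [ "$n" -ge "$min" ]; then echo fixed; else echo pre-fix; fi ;;
    esac
}

# Report on a source file (or stdin); exit status 0 only when the fix is present.
check_systrace_src() {
    rev=$(systrace_rev "$@")
    status=$(systrace_rev_status "$rev")
    echo "kern_systrace.c revision ${rev:-not found}: $status"
    [ "$status" = fixed ]
}

# Self-check on constructed ident lines (dates and author are made up).
systrace_demo() {
    for r in 1.37 1.38 1.37.2.1 1.33.4.2; do
        printf '/* $NetBSD: kern_systrace.c,v %s 2004/01/01 00:00:00 nobody Exp $ */\n' "$r" |
            check_systrace_src || true
    done
}
```

After the cvs update step, run check_systrace_src sys/kern/kern_systrace.c from the src directory; a non-zero exit status means the fixed revision was not found.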
* Binary Patch:
Binary patches are being provided, in the form of replacement
kernels built with the patches from the GENERIC kernel
configuration. If you use a custom kernel configuration, these
may not be suitable for you.
netbsd-current:
Releng does not compile -current kernels during a release cycle.
Users of -current are expected to be capable of upgrading from
sources.
netbsd-2-0:
Retrieve a kernel from:
ftp://releng.netbsd.org/pub/NetBSD-daily/netbsd-2-0/DATE/ARCH/binary/kernel/
Where DATE is any available DATE later than 2004-04-17
Thanks To
=========
Stefan Esser for detection and notification
Niels Provos for patches
Revision History
================
2004-05-12 Initial release
More Information
================
Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.
Copyright 2004, The NetBSD Foundation, Inc. All Rights Reserved.
Redistribution permitted only in full, unmodified form.
$NetBSD: NetBSD-SA2004-007.txt,v 1.2 2004/05/12 15:39:10 david Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
iQCVAwUBQKJFLz5Ru2/4N2IFAQEaTgQAhGSQG1/cWAjKSV95hZ5dej1tkA+eYEMO
Y8EuSm80ebavAb4gJnvm5AcpnWu8THZgMdALNcJ+E7cK9wzCF8XfLHy/hHRPCcgr
Q/2vtood5T/ZdDdWJ9RXPBxR6GtAGvHXdhBqHWxTdN8OmaX36N1TptQ4mI9QoeWf
PTIeZpnsSBw=
=RBZ+
-----END PGP SIGNATURE-----