NetBSD compat Validation Flaws Let Local Users Crash the Kernel or Gain Elevated Privileges
Category: Vulnerability Posted: 2004-12-21 by ReCall
Details
Description: A vulnerability was reported in NetBSD in the compat functions. A local user can cause denial of service conditions or potentially gain elevated privileges.
The vendor reported that some of the functions in /usr/src/sys/compat/* do not properly validate user-supplied data before executing a kernel syscall.
Several functions do not properly validate signal numbers. A local user can pass large signal numbers to certain syscall functions and crash the kernel.
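The missing signal-number check, as an added illustration (not NetBSD's code and not from the advisory): this C example assumes a compat layer that translates a foreign ABI's signal number through a lookup table, and shows the unchecked index beside a range-checked version. The table, its size, its entries and the function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical foreign-ABI to native signal map. Table size and entries are
 * constructed for illustration; slot 0 stays 0 (the "null signal"). */
#define COMPAT_NSIG 32
const int compat_to_native_sig[COMPAT_NSIG] = {
    [1] = 1, [2] = 2, [7] = 10, [9] = 9, [10] = 30, [15] = 15,
};

/* Unchecked pattern: the index comes straight from the caller, so a large or
 * negative value reads memory outside the table. */
int compat_sig_unchecked(int sig)
{
    return compat_to_native_sig[sig];
}

/* Checked pattern: reject out-of-range and unmapped numbers before any use.
 * Returns 0 and stores the native number, or EINVAL. */
int compat_sig_checked(int sig, int *native)
{
    if (sig < 0 || (size_t)sig >= sizeof(compat_to_native_sig) / sizeof(compat_to_native_sig[0]))
        return EINVAL;
    if (sig != 0 && compat_to_native_sig[sig] == 0)
        return EINVAL;              /* no native equivalent */
    *native = compat_to_native_sig[sig];
    return 0;
}

int main(void)
{
    const int samples[] = { 0, 7, 3, 31, 32, 100000, -1 };  /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int native = -1;
        int err = compat_sig_checked(samples[i], &native);
        if (err == 0)
            printf("compat %d -> native %d\n", samples[i], native);
        else
            printf("compat %d rejected (EINVAL)\n", samples[i]);
    }
    return 0;
}
```

The check belongs at the point where the user-supplied number enters the compat function, before it is used as an index or handed to the native syscall.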
Several buffer overflows exist. At least one of the buffer overflows allows a local user to gain root privileges.
The vendor credits Evgeny Demidov with reporting this flaw (his advisory is available at http://gleg.net/advisory_netbsd2.shtml).
The vendor was notified on October 12, 2004.
Impact: A local user can cause the kernel to crash.
A local user can gain root privileges.
Solution: Version 2.0 includes the fix. The NetBSD-current branch was fixed as of Oct 28, 2004, the NetBSD-2.0 branch was fixed as of Nov 13, 2004, and the NetBSD-1.6 branch was fixed as of Dec 17, 2004. The vendor plans to include the fix in the pending version 1.6.3.
Instructions on upgrading kernel binaries are provided in the vendor's advisory, available at: