OpenBSD nfs Kernel Buffer Overflow Lets Local Users Execute Arbitrary Code in Kernel Mode
|
|
SecurityTracker Alert ID: 1002328 |
|
SecurityTracker URL: http://securitytracker.com/id/1002328
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 6 2001
|
Impact:
Execution of arbitrary code via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
OpenBSD reported a vulnerability in their NFS mount code that allows a local user to execute arbitrary code in kernel mode.
Only users with mount privileges can trigger the vulnerability, which is limited to root level users in default installations.
|
Impact:
A local user with access to the mount(2) utility can execute arbitrary code in kernel mode.
|
Solution:
The vendor has released a patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch
|
Vendor URL: www.openbsd.org/errata.html#nfs (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
UNIX (OpenBSD)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 06 Sep 2001 00:54:32 -0400
Subject: OpenBSD NFS Kernel Flaw
|
>From web site: http://www.openbsd.org/errata.html#nfs
012: SECURITY FIX: July 30, 2001
A kernel buffer overflow exists in the NFS mount code. An attacker may
use this overflow to execute arbitrary code in kernel mode. However,
only users with mount(2) privileges can initiate this attack. In default
installs, only super-user has mount privileges. The kern.usermount
sysctl(3) controls whether other users have mount privileges. A source
code patch
(ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/012_nfs.patch)
exists which remedies the problem.
|
|
