SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Kernel execve Vendors:   OpenBSD
(Fix is Available) Re: OpenBSD Kernel Race Condition Lets Local Users Gain Root Level Privileges
SecurityTracker Alert ID:  1001766
SecurityTracker URL:  http://securitytracker.com/id/1001766
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 16 2001
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OpenBSD 2.9,2.8
Description:   Georgi Guninski reported a vulnerability in OpenBSD that lets local users obtain root level access on the host by exploiting a race condition that apparently exists in the kernel.

The vendor reports that a race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process. Patches are reportedly available and the fix has also been implemented in the 2.8 and 2.9 stable code branches.

Impact:   A local user can obtain root level privileges on the host.
Solution:   Patches are available and the fix has been implemented in the 2.8 and 2.9 stable code branches.

2.8 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch

2.9 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   State error
Underlying OS:  UNIX (OpenBSD)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 14 2001 OpenBSD Kernel Race Condition Lets Local Users Gain Root Level Privileges



 Source Message Contents

Subject:  patch for exec+ptrace security hole available


A race condition exists in the kernel execve(2) implementation that opens
a small window of vulnerability for a non-privileged user to
ptrace(2) attach to a suid/sgid process.

2.8 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch

2.9 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch

The fix has also been committed to the 2.8 and 2.9 stable branches.

The bug was found by Georgi Guninski; Art Grabowski came up with a fix.



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC