SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   Kernel (please use specific OS kernel) Vendors:   OpenBSD
(Vendor Releases Fix for OpenBSD 2.9) Re: OpenBSD Operating System Kernel Race Condition May Let a Local User Obtain Root Privileges on the Host
SecurityTracker Alert ID:  1003609
SecurityTracker URL:  http://securitytracker.com/id/1003609
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 20 2002
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.9, 3.0
Description:   OpenBSD issued a notice warning of a kernel security flaw in the OpenBSD operating system. A local user could theoretically obtain root access on the system.

It is reported that a process may be able to exec a set user id (suid) root binary and gain ptrace control over the process in a short period before the process is activated. Then the ptrace controller process could modify the address space of the controlled process and perform functions with root privileges.

The bug is reportedly due to a race condition between the ptrace(2) and execve(2) system calls. No technical details were provided.

Impact:   A local user could obtain root privileges on the host.
Solution:   The vendor has released a source code patch for OpenBSD 2.9 that remedies the problem:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/020_ptrace.patch

For OpenBSD 3.0, the patch is available at:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/012_ptrace.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   State error
Underlying OS:  UNIX (OpenBSD)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 23 2002 OpenBSD Operating System Kernel Race Condition May Let a Local User Obtain Root Privileges on the Host



 Source Message Contents

Subject:  OpenBSD 2.9 fix


020: SECURITY FIX: February 20, 2002

A race condition between the ptrace(2) and execve(2) system calls allows
an attacker to modify the memory contents of suid/sgid processes which
could lead to compromise of the super-user account.

A source code patch exists which remedies the problem:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/020_ptrace.patch


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC