SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   OpenBSD Kernel Vendors:   OpenBSD
BSD UNIX Kernel ktrace(2) Function Allows Local Users to Trace Processes With Elevated Privileges
SecurityTracker Alert ID:  1004658
SecurityTracker URL:  http://securitytracker.com/id/1004658
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 29 2002
Impact:   Disclosure of system information, Disclosure of user information, Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0, 3.1
Description:   A vulnerability was reported in the BSD kernel. A local user may be able to view information for privileged system calls, potentially giving the user information to be able to obtain elevated privileges on the system.

It is reported that the ktrace(2) command, which enables kernel trace logging, allows local users to ktrace(2) processes that have set user id (suid) and set group id (sgid) privileges. Kernel operations that can be traced include system calls, namei translations, signal processing, and I/O.

A local user could view sensitive information in the ktrace log file.

Impact:   A local user could view privileged information on the system and, with that information, possibly obtain elevated privileges on the system.
Solution:   The vendor has released source code patches to correct the problem:

For 3.0:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/029_ktrace.patch

For 3.1:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/009_ktrace.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   Access control error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
(FreeBSD Issues Fix) BSD UNIX Kernel ktrace(2) Function Allows Local Users to Trace Processes With Elevated Privileges
The vendor has released a fix.



 Source Message Contents

Subject:  OpenBSD Security Fix


SECURITY FIX: June 27, 2002
     The kernel would let any user ktrace(2) set[ug]id processes.
     A source code patch exists which remedies the problem. 

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/029_ktrace.patch


ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/009_ktrace.patch



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC