SecurityTracker.com


 


Category:   OS (Linux)  >   User-Mode Linux
Vendors:   User-mode-linux.sourceforge.net
User Mode Linux 'uml_net' Configuration Error Lets Local Users Perform Privileged Operations
SecurityTracker Alert ID:  1006837
SecurityTracker URL:  http://securitytracker.com/id/1006837
CVE Reference:   CVE-2003-0019
Date:  May 24 2003
Impact:   Modification of system information

Version(s): Tested on uml_utilities_20030312.tar.bz2
Description:   In the original report (based on a Red Hat Errata), it was noted that there was a configuration vulnerability in the kernel-utils package in uml_net. An updated report indicates that the upstream version of uml_net is still vulnerable and that a local user can execute arbitrary code with root privileges.

A local user can reportedly supply a large negative version number to cause uml_net to execute arbitrary code. Because uml_net is configured with set user id (setuid) root user privileges, the code will run with root privileges.

[Editor's note: The original Red Hat advisory RHSA-2003:056-08 did not mention the negative integer overflow vulnerability, instead indicating that the main problem with uml_net was that the utility was improperly configured with setuid root user privileges, and the solution appears to have been associated with removing the setuid status. The related Red Hat bugzilla bug report #83685 submitted by Johnny Robertson accurately mentioned the integer overflow flaw. However, at the time of this entry, the vulnerability had not been corrected in the upstream uml_net distribution. Credit goes to ktha@hushmail.com for noting the flaw in the upstream version and confirming that arbitrary code can indeed be executed.]

Impact:   A local user can perform certain privileged networking operations.
Solution:   At the time of this entry, no solution was available from the upstream vendor.

For Red Hat users, Red Hat has issued a version that removes the suid configuration, mitigating the impact of the vulnerability [see the Message History for information on the Red Hat fix.]

Vendor URL:  user-mode-linux.sourceforge.net/networking.html
Cause:   Boundary error
Underlying OS:  Linux (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Feb 9 2003 Red Hat Linux Kernel-Utils 'uml_net' Configuration Error Lets Local Users Perform Privileged Operations



 Source Message Contents

Subject:  [Full-Disclosure] Fw: bug in uml_net


There is a vulnerability in uml_net. The latest version is vulnerable too.
The problem is the lack of bounds checking in uml_net.c from uml_utilities.
A possible attack could lead to root compromise on some systems since, for
example, uml_net comes suided root in RH 8.0 by default.

Suggested patch:

- if(v > CURRENT_VERSION){
+ if ((v > CURRENT_VERSION) || (v < 0)) {
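
Review bot: The added `(v < 0)` test only has an effect if `v` is a signed type, and the hunk does not show how `v` is declared or converted from the user's argument. If `v` is only ever a version number, declaring it unsigned (or comparing `(unsigned)v > CURRENT_VERSION`) would let a single comparison reject both out-of-range directions. The change is also posted without a file header or `@@` context, so a unified diff against uml_net.c would make it easier to apply and review.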

Contact: ktha@hushmail.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
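
The boundary error described in this entry, shown with the comparison before and after the suggested patch, as an added example that is not code from uml_net or from the original message. It assumes the version number selects an entry in a handler table; the table, the handler functions, the `dispatch` helper and the value of `CURRENT_VERSION` are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define CURRENT_VERSION 3 /* constructed value; the page does not give it */

/* Hypothetical per-version handlers standing in for whatever v selects. */
typedef int (*handler_fn)(void);
static int h0(void) { return 0; }
static int h1(void) { return 1; }
static int h2(void) { return 2; }
static int h3(void) { return 3; }
static const handler_fn handlers[CURRENT_VERSION + 1] = { h0, h1, h2, h3 };

/* Comparison before the suggested patch: only the upper bound is tested. */
static int accepted_before(int v) { return !(v > CURRENT_VERSION); }

/* Comparison after the suggested patch: negative values are rejected too. */
static int accepted_after(int v) { return !((v > CURRENT_VERSION) || (v < 0)); }

/* Parse strictly, range-check while still a long, then index the table.
 * Returns 0 and stores the handler's result, or -1 if the input is rejected. */
static int dispatch(const char *arg, int *result)
{
    char *end;
    long n;

    errno = 0;
    n = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || errno == ERANGE)
        return -1;                      /* empty, trailing junk, or overflow */
    if (n < 0 || n > CURRENT_VERSION)
        return -1;                      /* outside handlers[0..CURRENT_VERSION] */
    *result = handlers[n]();
    return 0;
}

int main(void)
{
    int r = -1;
    printf("before patch accepts -1000000: %d\n", accepted_before(-1000000));
    printf("after patch accepts -1000000:  %d\n", accepted_after(-1000000));
    printf("dispatch(\"2\") -> %d\n", dispatch("2", &r));
    printf("dispatch(\"-2147483648\") -> %d\n", dispatch("-2147483648", &r));
    return 0;
}
```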


 
 



Copyright 2022, SecurityGlobal.net LLC