SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   uml_utilities Vendors:   User-mode-linux.sourceforge.net
uml_utilities umt_net slip_down() Lets Local Users Disable the Ethernet Interfaces
SecurityTracker Alert ID:  1012603
SecurityTracker URL:  http://securitytracker.com/id/1012603
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 16 2004
Impact:   Denial of service via local system, Modification of system information
Exploit Included:  Yes  
Version(s): 20030903
Description:   A vulnerability was reported in uml_utilities in the uml_net component. A local user can disable the Ethernet interfaces on the target system.

D. J. Bernstein reported that a local user can use the following type of command to takedown an Ethernet interface:

./uml_net 4 slip down eth0

The slip_down() function in 'slip.c' does not check access privileges.

The system administrator must manually bring the interface back up.

Danny Lungstrom is credited with discovering this flaw.

Impact:   A local user can disable the Ethernet interfaces on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  user-mode-linux.sourceforge.net/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   None.


 Source Message Contents

Subject:  [local] [kill] uml-utilities 20030903 uml_net slip_down() fails to check permissions


Danny Lungstrom, a student in my Fall 2004 UNIX Security Holes course,
has discovered that uml_net, when installed setuid root (as is normal),
allows any local user to type

   ./uml_net 4 slip down eth0

to take down the computer's Ethernet connection. The connection stays
down until the system administrator manually brings it back up. I'm
publishing this notice, but all the discovery credits should be assigned
to Lungstrom.

The underlying bug is that, in slip.c, slip_down() has no idea whether
the user is actually allowed to take down the specified interface.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC