SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   OS (UNIX)  >   Kernel execve Vendors:   OpenBSD
(Fix is Available) Re: OpenBSD Kernel Race Condition Lets Local Users Gain Root Level Privileges
SecurityTracker Alert ID:  1001766
SecurityTracker URL:  http://securitytracker.com/id/1001766
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 16 2001
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OpenBSD 2.9,2.8
Description:   Georgi Guninski reported a vulnerability in OpenBSD that lets local users obtain root level access on the host by exploiting a race condition that apparently exists in the kernel.

The vendor reports that a race condition exists in the kernel execve(2) implementation that opens a small window of vulnerability for a non-privileged user to ptrace(2) attach to a suid/sgid process. Patches are reportedly available and the fix has also been implemented in the 2.8 and 2.9 stable code branches.
Impact:   A local user can obtain root level privileges on the host.
Solution:   Patches are available and the fix has been implemented in the 2.8 and 2.9 stable code branches.

2.8 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch

2.9 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch
Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   State error
Underlying OS:   UNIX (OpenBSD)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 14 2001 OpenBSD Kernel Race Condition Lets Local Users Gain Root Level Privileges


 Source Message Contents
Date:  Sat, 16 Jun 2001 11:08:53 -0400 (EDT)
Subject:  patch for exec+ptrace security hole available


A race condition exists in the kernel execve(2) implementation that opens
a small window of vulnerability for a non-privileged user to
ptrace(2) attach to a suid/sgid process.

2.8 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/030_kernexec.patch

2.9 patch:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/007_kernexec.patch

The fix has also been committed to the 2.8 and 2.9 stable branches.

The bug was found by Georgi Guninski; Art Grabowski came up with a fix.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC