Multiple BSD Kernel Asynchronous I/O Facility Notification DoS

1997-09-15T00:00:00
ID OSVDB:11062
Type osvdb
Reporter Alan Peakall
Modified 1997-09-15T00:00:00

Description

Vulnerability Description

Certain BSD-derived kernels contain a flaw that may allow a local denial of service. The issue is triggered when a malicious user sends signals to arbitrary processes via certain ioctl and fcntl system calls to interrupt or kill processes, resulting in loss of availability for the service or platform.

Technical Description

Surgical application of this vulnerability can be used to compromise the system: for example, a process holding a bound address (NFS port 2049, for instance) can be killed off and its port stolen; this can be used to steal NFS file handles.

Solution Description

Upgrade to OpenBSD version 2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

For all others, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor Specific Advisory URL
ISS X-Force ID: 556
CVE-1999-1214