NetBSD Verified exec Failure

2005-10-31T00:00:00
ID OSVDB:20725
Type osvdb
Reporter OSVDB
Modified 2005-10-31T00:00:00

Description

Vulnerability Description

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when verified exec allows a malicious user to execute specially crafted binaries. This flaw may lead to a loss of integrity.

Technical Description

Verified exec uses the namei interface. The namei interface is used to convert pathnames to file system vnodes. The namei interface contains a function named NDINIT, which initialises a nameidata structure pointed to by ndp for use by the namei interface. The NDINIT function fails to use UIO_SYSSPACE. As a result, characters are copied from a user address rather than a kernel address.

Specifically, in the verifiedexecioctl() function in sys/dev/verified_exec.c, UIO_USERSPACE should have been UIO_SYSSPACE.

Solution Description

Upgrade to version 2.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when verified exec allows a malicious user to execute specially crafted binaries. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://www.netbsd.org/ Vendor Specific Advisory URL Security Tracker: 1015132 Related OSVDB ID: 20728 Related OSVDB ID: 20731 Related OSVDB ID: 20726 Related OSVDB ID: 20727 Related OSVDB ID: 20729 Related OSVDB ID: 20730 Other Advisory URL: http://www.uniras.gov.uk/niscc/docs/br-20051101-00969.html?lang=en CVE-2005-4779