Multics on 6180 Call Limiter Gate Segment Failure Privilege Escalation

1974-06-01T22:31:21
ID OSVDB:22128
Type osvdb
Reporter OSVDB
Modified 1974-06-01T22:31:21

Description

Vulnerability Description

Multics on 6180 contains a flaw that may allow a local user to gain elevated privileges. The issue was caused by the call limiter not being set on gate segments, allowing the user to transfer to any instruction within the gate rather than to just an entry transfer vector. This would allow control of data passed to the mxerror routines, allowing ring0 access.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Multics on 6180 contains a flaw that may allow a local user to gain elevated privileges. The issue was caused by the call limiter not being set on gate segments, allowing the user to transfer to any instruction within the gate rather than to just an entry transfer vector. This would allow control of data passed to the mxerror routines, allowing ring0 access.

References:

Related OSVDB ID: 22136 Related OSVDB ID: 22129 Related OSVDB ID: 22132 Related OSVDB ID: 22130 Related OSVDB ID: 22133 Related OSVDB ID: 22135 Related OSVDB ID: 22131 Related OSVDB ID: 22134 Other Advisory URL: http://csrc.nist.gov/publications/history/karg74.pdf Other Advisory URL: http://cnscenter.future.co.kr/resource/rsc-center/vendor-wp/ibm/RC22534.pdf Keyword: karg74