OpenBSD suid Programs /dev/fd File Re-Open Issue

2006-01-05T07:18:14
ID OSVDB:22231
Type osvdb
Reporter OSVDB
Modified 2006-01-05T07:18:14

Description

Vulnerability Description

OpenBSD contains a flaw that may allow a malicious user to elevate certain privileges. The issue is triggered when an executable with the SUID bit set can be convinced to re-read a file via /dev/fd. This may result in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.

Users of OpenBSD 3.7 should apply security fix 008. Users of OpenBSD 3.8 should apply security fix 002.

Short Description

OpenBSD contains a flaw that may allow a malicious user to elevate certain privileges. The issue is triggered when an executable with the SUID bit set can be convinced to re-read a file via /dev/fd. This may result in a loss of integrity.

References:

Security Tracker: 1015437 Secunia Advisory ID:18296 Other Advisory URL: http://www.openbsd.org/errata37.html#fd CVE-2006-0098 Bugtraq ID: 16144