NetBSD SVR4 Compatibility Device Creation File Access

1999-04-17T00:00:00
ID OSVDB:905
Type osvdb
Reporter Klaus Klain(klaink@ira.uka.de)
Modified 1999-04-17T00:00:00

Description

Vulnerability Description

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a shell script used to install System V Release 4 (SVR4) binary compatibility mismatches device major numbers during device creation, resulting in read and write access to any data on the first IDE disk. This flaw may lead to a loss of integrity.

Technical Description

Please be advised that there is disagreement as to which product versions are affected. Bugtraq and X-Force assert that only the 1.3.x branch is affected.

NetBSD, in its advisory, claims all previous branches are affected. Release information from NetBSD first mentions SVR4 compatibility in version 1.2. The manner in which the mention is worded implies that SVR4 compatibility existed prior to 1.2.

However, because SVR4 compatibility existed in these early versions does not mean that they were vulnerable.

To stay true to the NetBSD advisory, all versions are listed. Neither the NetBSD Foundation nor other security databases have explictly set forth their reasons for listing the product versions they include as vulnerable. Therefore, a pre-1.3.x system may be vulnerable.

Solution Description

NetBSD has released a patch to address this vulnerability. Also, it is possible to correct the flaw by implementing the following workaround: remove the existing device special file and create a new one.

/bin/rm -f /emul/svr4/dev/wabi

/sbin/mknod /emul/svr4/dev/wabi c 2 2

/bin/chmod u=rw,g=rw,o=rw /emul/svr4/dev/wabi

Short Description

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a shell script used to install System V Release 4 (SVR4) binary compatibility mismatches device major numbers during device creation, resulting in read and write access to any data on the first IDE disk. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://www.netbsd.org Vendor Specific Advisory URL ISS X-Force ID: 2098 CVE-1999-0466 Bugtraq ID: 114