Bugtraq mailing list archives
NetBSD Security Advisory 1999-002
From: mrg () ETERNA COM AU (matthew green)
Date: Tue, 9 Feb 1999 17:15:23 +1100
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 1999-002 ================================= Topic: Security problem with netstat Version: NetBSD-current from 19980603 to 19990208. Severity: Local users are able to read any kernel memory location. Abstract ======== In the version of netstat between the two dates above, a security hole exists which will allow non-root users to examine any kernel memory location. Technical Details ================= The code which was added to allow printing of kernel protocol control blocks does not have strict checks to make certain the memory being display is a protocol control block. Also, since the block contains information like TCP sequence numbers, users should generally not be allowed to examine these blocks. Solutions and Workarounds ========================= NetBSD-current users should update to a source tree newer than 19990208, or apply this patch and rebuild netstat: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990208-netstat If this action cannot be taken easily, netstat can be disabled for non-root users. chmod 555 /usr/bin/netstat Thanks To ========= Thanks go to Michael Graff <explorer () netbsd org> and Charles Hannum <root () ihack net> for the discovery and resolution of this bug. More Information ================ Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 1999, The NetBSD Foundation, Inc. All Rights Reserved. $NetBSD: NetBSD-SA1999-002.txt,v 1.2 1999/02/09 01:27:27 mrg Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBNr/O/T5Ru2/4N2IFAQHoEQQAm9tgcL/9FCCrt+aNUe0oPIgZjlL0w93w qGMo9JeeVx3YdHh9lPo1YH1ra9Jeb5SDVY3d0CJo+hHE5cudKCsMHFj1oKpDr9ZS u9TAk6P8e5FKCUemcLrsYWIo0n+hk8xKyTtXEgjzbDRxJp2VtemiG1hR2Q6yTIex 8dWtyKTd9fI= =6eFn -----END PGP SIGNATURE-----
Current thread:
- Re: remote exploit on pine 4.10 - neverending story? Anton Chuvakin (Feb 08)
- Patch for remote exploit of Pine 4.10 Terence C. Haddock (Feb 08)
- RPM for RedHat 4.2 incorporating Terence's patch available bugtraq mailing list account (Feb 08)
- L0pht Advisory - Rational Software ClearCase root exploitable Dr. Mudge (Feb 08)
- Re: L0pht Advisory - Rational Software ClearCase root exploitable Oezguer Kesim (Feb 09)
- Microsoft Security Bulletin (MS99-004) aleph1 () UNDERGROUND ORG (Feb 08)
- NetBSD Security Advisory 1999-002 matthew green (Feb 08)
- Re: remote exploit on pine 4.10 - neverending story? Sergiy Zhuk (Feb 08)
- Patch for remote exploit of Pine 4.10 Terence C. Haddock (Feb 08)