Bugtraq mailing list archives
Re: KKIS.05051999.003b
From: toasty () HOME DRAGONDATA COM (Kevin Day)
Date: Thu, 6 May 1999 14:10:49 -0500
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Information ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Report title      : Security problem with sockets in FreeBSD's
                    implementation of UNIX-domain protocol family.
Problem found by  : Lukasz Luzar (lluzar () security kki pl)
Report created by : Robert Pajak (shadow () security kki pl)
                    Lukasz Luzar (lluzar () security kki pl)
Report published  : 5th May 1999
Report code       : KKIS.05051999.003.b
Systems affected  : FreeBSD-3.0 and maybe 3.1,
Archive           : http://www.security.kki.pl/advisories/
Risk level        : high

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Description ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As you know, "The UNIX-domain protocol family is a collection of protocols
that provides local interprocess communication through the normal socket
mechanism. It supports the SOCK_STREAM and SOCK_DGRAM socket types and uses
filesystem pathnames for addressing."

The SOCK_STREAM sockets also support the communication of UNIX file
descriptors through the use of functions sendmsg() and recvmsg().

While testing UNIX-domain protocols, we have found a probable bug in
FreeBSD's implementation of this mechanism. When we ran the attached example
on FreeBSD-3.0 as a local user, the system crashed immediately with the error
"Supervisor read, page not present" in kernel mode.
Here's my testing so far:

2.2.2 - Vulnerable
2.2.6 - Vulnerable
2.2.8 - Vulnerable
3.1-RELEASE - Ran 15 minutes, no crash.

Kevin Day
DragonData