Bugtraq mailing list archives

Re: KKIS.05051999.003b


From: toasty () HOME DRAGONDATA COM (Kevin Day)
Date: Thu, 6 May 1999 14:10:49 -0500


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Informations ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Report title        : Security problem with sockets in FreeBSD's
                       implementation of UNIX-domain protocol family.
 Problem found by    : Lukasz Luzar (lluzar () security kki pl)
 Report created by   : Robert Pajak (shadow () security kki pl)
                       Lukasz Luzar (lluzar () security kki pl)
 Report published    : 5th May 1999
 Report code         : KKIS.05051999.003.b
 Systems affected    : FreeBSD-3.0 and maybe 3.1,
 Archive             : http://www.security.kki.pl/advisories/
 Risk level          : high

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Description ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  As you know, "The UNIX-domain protocol family is a collection of protocols
 that provides local interprocess communication through the normal socket
 mechanism. It supports the SOCK_STREAM and SOCK_DGRAM socket types and uses
 filesystem pathnames for addressing."
 The SOCK_STREAM sockets also support the communication of UNIX file
 descriptors through the use of functions sendmsg() and recvmsg().
  While testing UNIX-domain protocols, we have found a probable bug in
 FreeBSD's implementation of this mechanism.
  When we ran the attached example on FreeBSD-3.0 as a local user, the system
 crashed immediately with the error "Supervisor read, page not present"
 in kernel mode.


Here's my testing so far:

2.2.2 - Vulnerable
2.2.6 - Vulnerable
2.2.8 - Vulnerable
3.1-RELEASE - Ran 15 minutes, no crash.


Kevin Day
DragonData


