|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
Multics on 645 contains a flaw that may allow a local user to gain elevated privileges. The issue occurs when a crafted IDC modifier is used to gain access to ring0 functions. This could be achieved when a user supplied an argument pointer that is constructed to contain an IDC modifier (increment address, decrement tally, and continue) that causes the first reference through the indirect chain to address a valid argument. This first reference is the one made by the argument validator. The reference through the IDC modifier increments the address field of the tally word causing it to point to a different indirect word which in turn points to a different ITS pointer which points to an argument which is writable in ring 0 only. The second reference through this modified indirect chain is made by the ring 0 program which proceeds to write data where it shouldn't.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
|
|
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
|
|
Products |
|
Multics on 645
 |
Unknown or Unspecified |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
