| OSVDB ID | Disclosure Date | Title |
|---|
|
22128
Description:
Multics on 6180 contains a flaw that may allow a local user to gain elevated privileges. The issue was caused by the call limiter not being set on gate segments, allowing the user to transfer to any instruction within the gate rather than to just an entry transfer vector. This would allow control of data passed to the mxerror routines, allowing ring0 access.
|
1974-06-01
|
Multics on 6180 Call Limiter Gate Segment Failure Privilege Escalation
|
|
22129
Description:
Multics on 6180 contains a flaw that may allow a local user to crash the machine. The issue occured during the login process, when the 'tally word' did not have write permission, causing an access violation, subsequently crashing the entire machine. This could be performed without authenticating on the machine.
|
1974-06-01
|
Multics on 6180 Tally Word Permission Error Login DoS
|
|
22130
Description:
Multics contains a flaw that may allow a local user to gain elevated privileges. The issue occured when a user used the hphcs_ privileged gate to transfer the appropriate absolute segment number rather than using dynamic linking to gain access to any hphcs_ capability.
|
1974-06-01
|
Multics on 6180 SLT-KS Dual SDW hphcs_ Privilege Escalation
|
|
22131
Description:
Multics on 6180 machines contain several flaws. During an audit of the Multics system, many vulnerabilities were identified and disclosed. At the end of the audit, notation was made that there "additional vulnerabilities identified but at the time have not been developed into demonstrations." No further details have been provided.
|
1974-06-01
|
Multics on 6180 Multiple Unspecified Issues
|
|
22132
Description:
IBM OS/360 contains a flaw related to the service aid, IMASPZAP (SUPERZAP) that may allow an attacker to bypass access restrictions. No further details have been provided.
|
1974-06-01
|
IBM OS/360 Suplied Service Aid Restriction Bypass
|
|
22133
Description:
Multics contains a flaw that may allow a local user to crash the machine. The issue occurs when a user causes the master mode procedure to enter a location improperly. When the index register zero is out of bounds, the processor registers are saved for debugging and control is transferred to "mxerror". By moving the signaller|0 with a bad value in index register zero, a user could crash the system.
|
1974-06-01
|
Multics on HIS 645 mxerror Crafted signaller|0 Local DoS
|
|
22134
Description:
Multics contains a flaw that may allow a local user to elevate privileges. The issue is due to a flaw in the unlocked stack base system. It is possible for an attacker to manipulate the signaller to enter at location 0 with an invalid index register before setting the stack pointer to an area of extraneous storage in a link segment (such as emergency_shutdown.link). This could allow an attacker to place custom code in the link that would be executed with ring0 privileges.
|
1974-06-01
|
Multics on HIS 645 Unlocked Stack Base Master Mode Privilege Escalation
|
|
22135
Description:
Multics contains a flaw that may allow a local attacker to gain elevated privileges. The issue occured when a specific sequence of code was used to bypass the access checking on the 645 machine. This occured when the execute instruction was in certain restricted locations of a segment with at least read-execute (re) permission. The execute instruction then referenced an object instruction in word zero of a second segment with at least R permission. The object instruction indirected through an ITS pointer in the first segment to access a word for reading or writing in a third segment. The third segment was required to be "active"; that is, to have an SDW pointing to a valid page table for the segment. If all these conditions were met precisely, the access control fields in the SDW of the third segment would be ignored and the object instruction permitted to complete without access checks.
|
1974-06-01
|
Multics on HIS 645 Execute Instruction SDW Access Check Bypass
|
|
22136
Description:
Multics on 645 contains a flaw that may allow a local user to gain elevated privileges. The issue occurs when a crafted IDC modifier is used to gain access to ring0 functions. This could be achieved when a user supplied an argument pointer that is constructed to contain an IDC modifier (increment address, decrement tally, and continue) that causes the first reference through the indirect chain to address a valid argument. This first reference is the one made by the argument validator. The reference through the IDC modifier increments the address field of the tally word causing it to point to a different indirect word which in turn points to a different ITS pointer which points to an argument which is writable in ring 0 only. The second reference through this modified indirect chain is made by the ring 0 program which proceeds to write data where it shouldn't.
|
1974-06-01
|
Multics on HIS 645 Crafted IDC Modifier Privileged Ring Access
|
|
66172
Description:
PLATO systems with the TUTOR language and 'ext' command could be used to send an 'ext' request to another terminal. If the remote terminal did not have a device attached, it would cause the terminal to lock up, requiring a power reset to fix.
|
1974-01-01
|
TUTOR on PLATO IV ext Command Remote DoS
|
