Info |
Last Modified: 10 months ago
|
|
Description |
Multiple BSD operating systems contain a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a malicious user causes a process to exec a setuid binary while gaining ptrace control over it by using a debugger. This control lasts only for a short period of time before the process is activated. During this window, the ptrace controller process can modify the address space of the controlled process and abuse its elevated privileges. This flaw may lead to a loss of integrity.
|
|
Classification |
Location: Local Access Required
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified
|
|
Solution |
Upgrade to FreeBSD 4.4-STABLE, or the RELENG_4_3 or RELENG_4_4 security branch, dated after the respective correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released patches to address this vulnerability.
Upgrade to NetBSD 1.4.4 or higher or 1.5.3 or higher, as it has been reported to fix this vulnerability. In addition, NetBSD has released patches to address this vulnerability.
Upgrade to OpenBSD 3.1 or higher, as it has been reported to fix this vulnerability. In addition, OpenBSD has released a patch to address this vulnerability.
|
|
Products |
NetBSD: 1.3.x, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5, 1.5.1, 1.5.2
OpenBSD: 3.0, 2.x
FreeBSD: 3.x, 4.0, 2.x, 4.1, 4.1.1, 4.2, 4.3, 4.4, 4.4-RELEASE, 4.4-STABLE
|
|
Credit |
- Logan Gabriel - gersh
sonn.com -
- Dag-Erling Smørgrav - des
FreeBSD.org - FreeBSD Project
- Robert Watson - rwatson
FreeBSD.org -
|
|