OSVDB ID: 22136 Title: Multics on HIS 645 Crafted IDC Modifier Privileged Ring Access |
Info |
|
|
Dates |
||||
|
|
Description |
Multics on 645 contains a flaw that may allow a local user to gain elevated privileges. The issue occurs when a crafted IDC modifier is used to gain access to ring0 functions. This could be achieved when a user supplied an argument pointer that is constructed to contain an IDC modifier (increment address, decrement tally, and continue) that causes the first reference through the indirect chain to address a valid argument. This first reference is the one made by the argument validator. The reference through the IDC modifier increments the address field of the tally word causing it to point to a different indirect word which in turn points to a different ITS pointer which points to an argument which is writable in ring 0 only. The second reference through this modified indirect chain is made by the ring 0 program which proceeds to write data where it shouldn't. |
Classification |
Location:
Local Access Required
Attack Type: Input Manipulation Impact: Loss of Integrity Exploit: Exploit Public |
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. |
Products |
|
References |
Credit |
Unknown or Incomplete |