[10469] in bugtraq
Re: KKIS.05051999.003b
daemon@ATHENA.MIT.EDU (Kevin Day)
Fri May 7 13:46:28 1999
Message-Id: <199905061910.OAA23901@home.dragondata.com>
Date: Thu, 6 May 1999 14:10:49 -0500
Reply-To: Kevin Day <toasty@HOME.DRAGONDATA.COM>
From: Kevin Day <toasty@HOME.DRAGONDATA.COM>
X-To: lluzar@SECURITY.KKI.PL
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.10.9905051119380.17696-200000@nova.kki.krakow.pl>
from Lukasz Luzar at "May 5, 1999 11:26:21 am"
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Informations ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Report title : Security problem with sockets in FreeBSD's
> implementation of UNIX-domain protocol family.
> Problem found by : Lukasz Luzar (lluzar@security.kki.pl)
> Report created by : Robert Pajak (shadow@security.kki.pl)
> Lukasz Luzar (lluzar@security.kki.pl)
> Report published : 5th May 1999
> Report code : KKIS.05051999.003.b
> Systems affected : FreeBSD-3.0 and maybe 3.1,
> Archive : http://www.security.kki.pl/advisories/
> Risk level : high
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Description ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> As you know, "The UNIX-domain protocol family is a collection of protocols
> that provides local interprocess communication through the normal socket
> mechanism. It supports the SOCK_STREAM and SOCK_DGRAM socket types and uses
> filesystem pathnames for addressing."
> The SOCK_STREAM sockets also support the communication of UNIX file
> descriptors through the use of the functions sendmsg() and recvmsg().
> While testing UNIX-domain protocols, we found a probable bug in
> FreeBSD's implementation of this mechanism.
> When we ran the attached example on FreeBSD-3.0 as a local user, the system
> crashed immediately with the error "Supervisor read, page not present"
> in kernel mode.
>
Here's my testing so far:
2.2.2 - Vulnerable
2.2.6 - Vulnerable
2.2.8 - Vulnerable
3.1-RELEASE - Ran 15 minutes, no crash.
Kevin Day
DragonData