[9419] in bugtraq
NetBSD Security Advisory 1999-002
daemon@ATHENA.MIT.EDU (matthew green)
Tue Feb 9 01:31:02 1999
Date: Tue, 9 Feb 1999 17:15:23 +1100
Reply-To: matthew green <mrg@ETERNA.COM.AU>
From: matthew green <mrg@ETERNA.COM.AU>
X-To: netbsd-announce@netbsd.org
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 1999-002
=================================
Topic: Security problem with netstat
Version: NetBSD-current from 19980603 to 19990208.
Severity: Local users are able to read any kernel memory
location.
Abstract
========
In the version of netstat between the two dates above, a security hole
exists which will allow non-root users to examine any kernel memory
location.
Technical Details
=================
The code which was added to allow printing of kernel protocol control
blocks does not have strict checks to make certain the memory being
display is a protocol control block. Also, since the block contains
information like TCP sequence numbers, users should generally not be
allowed to examine these blocks.
Solutions and Workarounds
=========================
NetBSD-current users should update to a source tree newer than
19990208, or apply this patch and rebuild netstat:
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990208-netstat
If this action cannot be taken easily, netstat can be disabled for
non-root users.
chmod 555 /usr/bin/netstat
Thanks To
=========
Thanks go to Michael Graff <explorer@netbsd.org> and Charles Hannum
<root@ihack.net> for the discovery and resolution of this bug.
More Information
================
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.
Copyright 1999, The NetBSD Foundation, Inc. All Rights Reserved.
$NetBSD: NetBSD-SA1999-002.txt,v 1.2 1999/02/09 01:27:27 mrg Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBNr/O/T5Ru2/4N2IFAQHoEQQAm9tgcL/9FCCrt+aNUe0oPIgZjlL0w93w
qGMo9JeeVx3YdHh9lPo1YH1ra9Jeb5SDVY3d0CJo+hHE5cudKCsMHFj1oKpDr9ZS
u9TAk6P8e5FKCUemcLrsYWIo0n+hk8xKyTtXEgjzbDRxJp2VtemiG1hR2Q6yTIex
8dWtyKTd9fI=
=6eFn
-----END PGP SIGNATURE-----
