> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Informations ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Report title : Security problem with sockets in FreeBSD's > implementation of UNIX-domain protocol family. > Problem found by : Lukasz Luzar (lluzarat_private) > Report created by : Robert Pajak (shadowat_private) > Lukasz Luzar (lluzarat_private) > Raport published : 5th May 1999 > Raport code : KKIS.05051999.003.b > Systems affected : FreeBSD-3.0 and maybe 3.1, > Archive : http://www.security.kki.pl/advisories/ > Risk level : high > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[ Description ]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > As you know, "The UNIX-domain protocol family is a collection of protocols > that provides local interprocess communication through the normal socket > mechanism. It supports the SOCK_STREAM and SOCK_DGRAM soceket types and uses > filesystem pathnames for addressing." > The SOCK_STREAM sockets also supports the communication of UNIX file > descriptors through the use of functions sendmsg() and recvmsg(). > While testing UNIX-domain protocols, we have found probable bug in > FreeBSD's implementation of this mechanism. > When we had run attached example on FreeBSD-3.0 as local user, system > had crashed imediatelly with error "Supervisor read, page not present" > in kernel mode. > Here's my testing so far: 2.2.2 - Vulnerable 2.2.6 - Vulnerable 2.2.8 - Vulnerable 3.1-RELEASE - Ran 15 minutes, no crash. Kevin Day DragonData
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:12 PDT