FreeBSD msync allows elevated privileges
freebsd-msync-gain-privileges (16254)
Description:
FreeBSD could allow a local attacker to gain elevated privileges, caused by a vulnerability in the msync function when an MS_INVALIDATE operation is performed. If a file is modified, a local attacker with read access to that file could prevent the changes from being committed to disk.
Consequences:
Gain Privileges
Remedy:
Upgrade to the latest version of FreeBSD (RELENG_4, 4.10-STABLE, RELENG_5_2, 5.2.1-RELEASE-p8, RELENG_4_9, 4.9-RELEASE-p9, RELENG_4_8 and 4.8-RELEASE-p22 dated prior to 2004-05-25 and RELENG_5_2 and 5.2.1-RELEASE-p8 dated prior to 2004-05-22), as listed in FreeBSD Security Advisory FreeBSD-SA-04:11.msync. See References.
—OR—
Apply the patch for this vulnerability, as listed in FreeBSD Security Advisory FreeBSD-SA-04:11.msync. See References.
References:
- The FreeBSD Project Security Advisory FreeBSD-SA-04:11.msync: buffer cache invalidation implementation issues.
- BID-10416: FreeBSD Msync(2) System Call Buffer Cache Implementation Vulnerability
- CVE-2004-0435: Certain programming errors in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
- SA11714: FreeBSD "msync()" MS_INVALIDATE Implementation Security Issue
Platforms Affected:
- FreeBSD FreeBSD 4.10
- FreeBSD FreeBSD 4.8
- FreeBSD FreeBSD 4.9
- FreeBSD FreeBSD 5.2.1
- FreeBSD FreeBSD RELENG_4
- FreeBSD FreeBSD RELENG_4_10
- FreeBSD FreeBSD RELENG_4_8
- FreeBSD FreeBSD RELENG_4_9
- FreeBSD FreeBSD RELENG_5_2
Reported:
May 26, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
