NetBSD SVR4 compatibility script could set incorrect permissions on disk devices
netbsd-svr4 (2098)
Description:
An error in the MAKEDEV script distributed with i386 versions of NetBSD creates the /dev/wabi device with incorrect device numbers. This could allow a local user to gain access to the first IDE disk on the system, which could in turn be leveraged to increase privileges.
Consequences:
Gain Access
Remedy:
For NetBSD 1.3.3:
Apply the 19990419-SVR4_MAKEDEV patch, as listed in NetBSD Security Advisory 1999-009. See References.
Note: NetBSD-Current users should upgrade to a source tree later than 19990420.
To remove this vulnerability from affected systems, issue the following series of commands as root:
- /bin/rm -f /emul/svr4/dev/wabi
- /sbin/mknod /emul/svr4/dev/wabi c 2 2
- /bin/chmod u=rw,g=rw,o=rw /emul/svr4/dev/wabi
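To confirm the result afterwards, the following added example (not part of the advisory or of NetBSD) checks an `ls -l` listing of the node against the remedy's values: character device, major 2, minor 2. The function name and the sample listings are constructed for illustration; the 9, 9 pair is made up and is not the value the flawed MAKEDEV script wrote.

```shell
#!/bin/sh
# Added example: verify the SVR4 wabi node matches the advisory's remedy
# ("mknod /emul/svr4/dev/wabi c 2 2").
WABI_PATH=/emul/svr4/dev/wabi   # path from the advisory
WANT_MAJOR=2                    # from the remedy's mknod arguments
WANT_MINOR=2

# Constructed sample listings (assumptions, not captured output).
SAMPLE_GOOD='crw-rw-rw-  1 root  wheel  2, 2 Apr 20  1999 /emul/svr4/dev/wabi'
SAMPLE_BAD='crw-rw-rw-  1 root  wheel  9, 9 Apr 20  1999 /emul/svr4/dev/wabi'

# check_wabi_line LINE (hypothetical helper)
#   LINE is one `ls -l` line. For device nodes ls prints "major, minor"
#   where a regular file would show its size.
#   Returns 0 = matches remedy, 1 = wrong type or numbers, 2 = not a device line.
check_wabi_line() {
    set -f                      # no globbing while the line is split
    # shellcheck disable=SC2086
    set -- $1                   # fields: mode links owner group major, minor ...
    set +f
    case ${5:-} in
        *,) ;;                  # device lines carry "major," in field 5
        *)  echo "SKIP: not a device node listing"; return 2 ;;
    esac
    major=${5%,}
    minor=${6:-}
    case $1 in
        c*) ;;
        b*) echo "FAIL: block device, expected character device"; return 1 ;;
        *)  echo "SKIP: not a device node listing"; return 2 ;;
    esac
    if [ "$major" = "$WANT_MAJOR" ] && [ "$minor" = "$WANT_MINOR" ]; then
        echo "OK: $WABI_PATH is c $major $minor"
        return 0
    fi
    echo "FAIL: found c $major $minor, expected c $WANT_MAJOR $WANT_MINOR"
    return 1
}

# Audit the live node if present; otherwise show both outcomes on the samples.
if [ -e "$WABI_PATH" ]; then
    check_wabi_line "$(ls -l "$WABI_PATH")" || :
else
    check_wabi_line "$SAMPLE_GOOD" || :
    check_wabi_line "$SAMPLE_BAD" || :
fi
```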
References:
- NetBSD Security Advisory 1999-009: SVR4 compatibility device creation vulnerability. (From SecurityFocus archive.)
- BID-114: NetBSD SVR4 compatibility device creation Vulnerability
- CVE-1999-0466: The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.
- OSVDB ID: 905: NetBSD SVR4 Compatibility Device Creation File Access
Platforms Affected:
- NetBSD NetBSD 1.3
- NetBSD NetBSD 1.3.1
- NetBSD NetBSD 1.3.2
- NetBSD NetBSD 1.3.3
Reported:
Apr 20, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
