ISS X-Force Database: openbsd-systracepreprepl-integer-overflow(29392): OpenBSD and NetBSD systrace

OpenBSD and NetBSD systrace_preprepl() integer overflow

openbsd-systracepreprepl-integer-overflow (29392)

High Risk

Description:

OpenBSD and NetBSD are vulnerable to an integer overflow in the systrace_preprepl() function. A local attacker could send a large integer value to the ioctl() syscall to obtain sensitive information, cause a denial of service, or gain elevated privileges.

Platforms Affected:

NetBSD, NetBSD 2.0
NetBSD, NetBSD 2.0.1
NetBSD, NetBSD 2.0.2
NetBSD, NetBSD 2.0.3
NetBSD, NetBSD 2.0.4
NetBSD, NetBSD 2.1
NetBSD, NetBSD 3.0
NetBSD, NetBSD 3.0.1
NetBSD, NetBSD 3.0.2
NetBSD, NetBSD CURRENT
OpenBSD, OpenBSD 3.8
OpenBSD, OpenBSD 3.9

Remedy:

For OpenBSD 3.8:
Apply the patch for this vulnerability, as listed in OpenBSD 3.8 errata - 019: SECURITY FIX: October 7, 2006. See References.

For OpenBSD 3.9:
Apply the patch for this vulnerability, as listed in OpenBSD 3.9 errata - 014: SECURITY FIX: October 7, 2006. See References.

For NetBSD:
Refer to NetBSD Security Advisory 2006-024 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

NetBSD-SA2006-024, systrace(4) integer overflow at http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-024.txt.asc.
OpenBSD 3.8 errata, 019: SECURITY FIX: October 7, 2006 at http://www.openbsd.org/errata38.html#systrace.
OpenBSD 3.9 errata, 014: SECURITY FIX: October 7, 2006 at http://www.openbsd.org/errata.html#systrace.
BID-20392: OpenBSD Systrace STRIOCREPLACE Local Integer Overflow Vulnerability
CVE-2006-5218: Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.
OSVDB ID: 29570: Multiple BSD systrace systrace_preprepl() Function Overflow
SA22324: OpenBSD systrace "systrace_preprepl()" Integer Overflow Vulnerability
SECTRACK ID: 1017009: BSD UNIX systrace STRIOCREPLACE Integer Overflow Lets Local Users Obtain Elevated Privileges

Reported:

Oct 07, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page