Title: BSD/OS 2.0/2.0.1 kernel vulnerability
Released by: BSDI
Date: 5th March 1996
============================================================================
Security Advisory
Berkeley Software Design, Inc.
Topic: BSD/OS 2.0/2.0.1 kernel vulnerability
Number: 1996-03-05
Date: March 5, 1996
Patch: http://ftp.bsdi.com/bsdi/patches/patches-2.0.1/K201-008
=============================================================================
I. Background
A bug was found in an unused portion of the ptrace code in
BSD/OS 2.0 and 2.0.1 that caused a system vulnerability. The
bug is not present in the current release, BSD/OS 2.1. BSDI
is not aware of anyone who is actively exploiting this bug.
All BSDI customers with current support contracts were mailed
floppies containing the patch for this problem. Customers
without current support contracts can and should download the
patch from the ftp server.
II. Problem Description
Permission checking for an unused operation was incorrect.
III. Impact
The problem could allow local users to control privileged
processes, and could thus allow users to acquire unauthorized
permissions.
This vulnerability can only be exploited by users with a valid
account on the local system.
IV. Solution(s)
Install BSDI patch K201-008 on all BSD/OS 2.0 or 2.0.1 systems,
or upgrade to BSD/OS 2.1.
=============================================================================
Berkeley Software Design, Inc.
5579 Tech Center Drive, Suite 110
Colorado Springs, CO 80919
Web Site: http://www.bsdi.com/
BSDI Support: +1 800 ITS BSD8 / +1 719 536 9346
Support Email: support@bsdi.com
PGP Key: http://ftp.bsdi.com/bsdi/info/pgp_key