Published: 2005-12-31 00:00:00
Revised: 2008-09-05 16:57:41

[Original] NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.



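- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]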

- CPE (Affected Platforms and Products)

cpe:/o:netbsd:netbsd:2.0.3  NetBSD 2.0.3
cpe:/o:netbsd:netbsd:2.0  NetBSD 2.0
cpe:/o:netbsd:netbsd:2.1  NetBSD 2.1
cpe:/o:netbsd:netbsd:1.6.1  NetBSD 1.6.1
cpe:/o:netbsd:netbsd:2.0.2  NetBSD 2.0.2
cpe:/o:netbsd:netbsd:2.0.1  NetBSD 2.0.1
cpe:/o:netbsd:netbsd:1.6  NetBSD 1.6
cpe:/o:netbsd:netbsd:1.6.2  NetBSD 1.6.2

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BID  15290

- Vulnerability Information

High risk  Access validation error
2005-12-31 00:00:00 2006-03-27 00:00:00

- Advisories and Patches


- Vulnerability Information

NetBSD P_SUGID Flag ptrace() Check Bypass
Local Access Required Misconfiguration
Loss of Integrity

- Vulnerability Description

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker uses exec() to spawn a replacement process that can defeat ptrace()'s check on P_SUGID. This flaw will allow debugger attachment to the replacement process, leading to a loss of integrity.

- Timeline

2005-11-01 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.1 after the correction date or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workarounds: mount filesystems with the nosuid option, or remove setuid bits or general user access from setuid programs. These workarounds are likely to affect required functionality.

- Related References

- Vulnerability Author