Orange Applications for Business
Vigil@nce Vigil@nce Vigil@nce
analyzing computer vulnerabilities since 1999
  home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free trial free trial
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed

vulnerability 12355

NetBSD: denial of service of uipc_syscalls.c

Synthesis of the vulnerability

A local attacker can use sendmsg/recvmsg and ktrace/ktruss, in order to stop the NetBSD kernel.
Impacted products: NetBSD.
Severity: 1/4.
Creation date: 29/01/2013.
Identifiers: NetBSD-SA2013-001, VIGILANCE-VUL-12355.

Description of the vulnerability

The ktrace and ktruss commands are used to track system calls done by a process.

The sendmsg() and recvmsg() system calls are used by applications to exchange messages. The do_sys_sendmsg_so() and do_sys_recvmsg_so() functions of the src/sys/kern/uipc_syscalls.c file implement these system calls.

However, these functions do not allocate the "iov" structure, which is used by ktrace/ktruss. A local attacker can thus create a program using sendmsg/recvmsg. Then, he can stop the application, attach ktrace/ktruss, and restart the application. The kernel then tries to access to the "iov" structure, which triggers a fatal error.

A local attacker can therefore use sendmsg/recvmsg and ktrace/ktruss, in order to stop the NetBSD kernel.
Complete Vigil@nce bulletin.... (free trial)

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter 

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability announces. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.

Copyright 1999-2015 Vigil@nce. Vigil@nce is a service from Orange Applications for Business. Site map. Legal notice. version française