|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
NetBSD: denial of service of uipc_syscalls.c
Synthesis of the vulnerability
A local attacker can use sendmsg/recvmsg and ktrace/ktruss, in order to stop the NetBSD kernel.
Impacted products: NetBSD.
Creation date: 29/01/2013.
Identifiers: NetBSD-SA2013-001, VIGILANCE-VUL-12355.
Description of the vulnerability
The ktrace and ktruss commands are used to track system calls done by a process.
The sendmsg() and recvmsg() system calls are used by applications to exchange messages. The do_sys_sendmsg_so() and do_sys_recvmsg_so() functions of the src/sys/kern/uipc_syscalls.c file implement these system calls.
However, these functions do not allocate the "iov" structure, which is used by ktrace/ktruss. A local attacker can thus create a program using sendmsg/recvmsg. Then, he can stop the application, attach ktrace/ktruss, and restart the application. The kernel then tries to access to the "iov" structure, which triggers a fatal error.
A local attacker can therefore use sendmsg/recvmsg and ktrace/ktruss, in order to stop the NetBSD kernel.
Complete Vigil@nce bulletin.... (free trial)
Computer vulnerabilities tracking service
Vigil@nce provides application vulnerability announces. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.