NetBSD: denial of service of uipc_syscalls.c
Synthesis of the vulnerability
A local attacker can use sendmsg/recvmsg and ktrace/ktruss, in order to stop the NetBSD kernel.Impacted products:
Description of the vulnerability
The ktrace and ktruss commands are used to track system calls done by a process.
The sendmsg() and recvmsg() system calls are used by applications to exchange messages. The do_sys_sendmsg_so() and do_sys_recvmsg_so() functions of the src/sys/kern/uipc_syscalls.c file implement these system calls.
However, these functions do not allocate the "iov" structure, which is used by ktrace/ktruss. A local attacker can thus create a program using sendmsg/recvmsg. Then, he can stop the application, attach ktrace/ktruss, and restart the application. The kernel then tries to access to the "iov" structure, which triggers a fatal error.
A local attacker can therefore use sendmsg/recvmsg and ktrace/ktruss, in order to stop the NetBSD kernel.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides application vulnerability announces
. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.