The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability 12355

NetBSD: denial of service in uipc_syscalls.c

Synthesis of the vulnerability

A local attacker can use sendmsg/recvmsg together with ktrace/ktruss to stop the NetBSD kernel.
Impacted products: NetBSD.
Severity: 1/4.
Creation date: 29/01/2013.
Identifiers: NetBSD-SA2013-001, VIGILANCE-VUL-12355.

Description of the vulnerability

The ktrace and ktruss commands are used to trace the system calls made by a process.

The sendmsg() and recvmsg() system calls are used by applications to exchange messages. The do_sys_sendmsg_so() and do_sys_recvmsg_so() functions of the src/sys/kern/uipc_syscalls.c file implement these system calls.

However, these functions do not allocate the "iov" structure, which is used by ktrace/ktruss. A local attacker can thus create a program using sendmsg/recvmsg. Then, the attacker can stop the application, attach ktrace/ktruss, and restart the application. The kernel then tries to access the "iov" structure, which triggers a fatal error.

A local attacker can therefore use sendmsg/recvmsg together with ktrace/ktruss to stop the NetBSD kernel.
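
The failure mode described above, as an added user-space illustration (not NetBSD source code and not part of the original bulletin). It assumes the trace copy of "iov" is only made when tracing is already active at entry; all names (proc_model, msg_call, attach_tracer, run_case, WOULD_FAULT) are hypothetical, and the hardened branch shows one defensive pattern: decide from what was actually allocated rather than from the current tracing state.

```c
/* User-space model of the failure mode; hypothetical names, not NetBSD source. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

#define WOULD_FAULT (-1L)                       /* stands in for the kernel's fatal access */
struct proc_model { bool traced; };             /* per-process tracing flag */
typedef void (*blocking_step)(struct proc_model *);
void attach_tracer(struct proc_model *p) { p->traced = true; }  /* tracer attaches mid-call */

/* Returns the bytes recorded for the tracer, or WOULD_FAULT. */
long msg_call(struct proc_model *p, const struct iovec *iov, int cnt,
              blocking_step wait, bool hardened)
{
    struct iovec *copy = NULL;
    long logged = 0;
    if (p->traced) {                            /* copy exists only if traced at entry */
        copy = malloc(sizeof(*copy) * (size_t)cnt);
        if (copy != NULL)
            memcpy(copy, iov, sizeof(*copy) * (size_t)cnt);
    }
    if (wait != NULL)
        wait(p);                                /* process can be stopped and resumed here */
    /* Flawed: trusts the flag as it is now. Hardened: trusts what was allocated. */
    bool emit = hardened ? (copy != NULL) : p->traced;
    if (emit && copy == NULL)
        return WOULD_FAULT;                     /* a kernel would dereference NULL here */
    for (int i = 0; emit && i < cnt; i++)
        logged += (long)copy[i].iov_len;
    free(copy);
    return logged;
}

long run_case(bool traced_at_entry, bool attach_midcall, bool hardened)
{
    char buf[8] = "example";                    /* constructed sample payload */
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
    struct proc_model p = { .traced = traced_at_entry };
    return msg_call(&p, &iov, 1, attach_midcall ? attach_tracer : NULL, hardened);
}

int main(void)
{
    printf("flawed, attach mid-call:   %ld\n", run_case(false, true, false));
    printf("hardened, attach mid-call: %ld\n", run_case(false, true, true));
    return 0;
}
```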