The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of resmgr: bypassing USB restrictions

Synthesis of the vulnerability 

An attacker allowed to access one USB device can access all the others.
Vulnerable products: Debian, openSUSE, Unix (platform) ~ not comprehensive.
Severity of this weakness: 1/4.
Creation date: 02/05/2006.
References of this bulletin: CERTA-2002-AVI-144, CVE-2006-2147, DSA-1047-1, SUSE-SR:2006:004, VIGILANCE-VUL-5808.

Description of the vulnerability 

The resource manager (resmgr) defines the devices that applications may use. Access to a USB port uses, for example, the following syntax:
  "usb:bus_number,dev_number"

The get_usb_name() function returns the device name in a static variable. Because access to this variable is not protected by a lock, another thread can read the same variable while it holds the value computed for a different request. When the "usb:..." syntax is used, the access check can therefore be performed on the wrong value.

Therefore, when access is allowed to one USB device, a local attacker can exploit this race condition to access other devices.
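The defect class described above, as an added illustration that is not resmgr's own code: a hypothetical get_usb_name_static() mirrors the pattern in the bulletin (the device name is formatted into one shared static buffer), and a reentrant get_usb_name_r() writes into a caller-supplied buffer instead. A simulated interleaving of two requests shows why an access check made on the shared buffer can read another request's name. All function names and the toy policy are assumptions.

```c
/* Added illustration (not resmgr's code) of why a device name returned in a
 * static buffer makes a later access check racy, and of the reentrant fix.
 * get_usb_name_static(), get_usb_name_r() and is_allowed() are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Pattern from the bulletin: one static buffer shared by every caller, so a
 * second request overwrites the name the first request is still holding. */
const char *get_usb_name_static(unsigned bus, unsigned dev)
{
    static char name[32];                 /* shared by all callers and threads */
    snprintf(name, sizeof name, "usb:%u,%u", bus, dev);
    return name;
}

/* Reentrant form: the caller owns the buffer, so concurrent requests cannot
 * alias each other's result. Returns buf, or NULL if buf is too small. */
char *get_usb_name_r(unsigned bus, unsigned dev, char *buf, size_t len)
{
    int n = snprintf(buf, len, "usb:%u,%u", bus, dev);
    if (n < 0 || (size_t)n >= len)
        return NULL;                      /* truncated: refuse rather than check a partial name */
    return buf;
}

/* Toy policy: the requester is granted exactly one device name. */
int is_allowed(const char *requested, const char *granted)
{
    return strcmp(requested, granted) == 0;
}

/* Simulated race: request A's name is computed, then request B runs before
 * A's check. With the static buffer, A's pointer now shows B's name, so A's
 * check would be made on the wrong value. Returns 1 if A's name was clobbered. */
int static_buffer_is_clobbered(void)
{
    const char *a = get_usb_name_static(1, 2);   /* request A */
    (void)get_usb_name_static(3, 4);             /* request B interleaves */
    return strcmp(a, "usb:1,2") != 0;            /* a now reads "usb:3,4" */
}

/* Same interleaving with per-request buffers: each request keeps its own name,
 * and the policy check sees the name that was actually requested. */
int reentrant_buffer_is_stable(void)
{
    char a_buf[32], b_buf[32];
    const char *a = get_usb_name_r(1, 2, a_buf, sizeof a_buf);
    const char *b = get_usb_name_r(3, 4, b_buf, sizeof b_buf);
    return a && b && is_allowed(a, "usb:1,2") && !is_allowed(b, "usb:1,2");
}

int main(void)
{
    printf("static buffer clobbered by a concurrent request: %d\n",
           static_buffer_is_clobbered());
    printf("reentrant buffer keeps each request's name: %d\n",
           reentrant_buffer_is_stable());
    return 0;
}
```

The same reasoning applies to any "returns a pointer to static storage" helper that feeds an authorization decision: either the result must be copied under a lock before it is checked, or the function must be made reentrant so that the value checked is the value that was requested.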

This vulnerability alert impacts software or systems such as Debian, openSUSE, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer weakness alert is low.

The trust level is: confirmed by the editor; the attack origin is: user shell.

An attacker with an expert ability can exploit this computer vulnerability.

Solutions for this threat 

resmgr: patch.
A patch is available.

Debian: new resmgr packages.
New packages are available:
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_amd64.deb
      Size/MD5 checksum: 4422 0ca68e35b937773dfa3b89dd8945281b
    http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_amd64.deb
      Size/MD5 checksum: 8194 0317c1c3ed93bd13aebe521949d4fda5
    http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_amd64.deb
      Size/MD5 checksum: 33304 2275f781d337907b87ad31d0779d1a0c
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_i386.deb
      Size/MD5 checksum: 4422 852f6d951e3ed2fd4e8740e2bc8b1fa6
    http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_i386.deb
      Size/MD5 checksum: 25906 0f7831ec7b0382a6962cbddecfa2ef5c
    http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_i386.deb
      Size/MD5 checksum: 41224 d6df916c394f4c826b4d9e75434a261a
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_ia64.deb
      Size/MD5 checksum: 4414 39ad0549329d2dd0810d580c65629012
    http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_ia64.deb
      Size/MD5 checksum: 10196 031bad7b1ba99e6b7e337b7f506321c3
    http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_ia64.deb
      Size/MD5 checksum: 41210 47ba589e9bf7ee09769447dd759dbc0e

SUSE: new resmgr, php4, php5, ethereal, apache2 packages.
New packages are available through FTP or YaST.

Computer vulnerabilities tracking service 

Vigil@nce provides a network vulnerability watch. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.