
List:       secunia-sec-adv
Subject:    [SA11714] FreeBSD "msync()" MS_INVALIDATE Implementation Security Issue
From:       Secunia Security Advisories <sec-adv () secunia ! com>
Date:       2004-05-26 14:14:30
Message-ID: 200405261414.i4QEEU5e007538 () secunia ! com


TITLE:
FreeBSD "msync()" MS_INVALIDATE Implementation Security Issue

SECUNIA ADVISORY ID:
SA11714

VERIFY ADVISORY:
http://secunia.com/advisories/11714/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
FreeBSD 5.x
FreeBSD 4.x

DESCRIPTION:
Stephan Uphoff and Matt Dillon have discovered a security issue in
FreeBSD. This can be exploited by malicious, local users to prevent
changes to certain files, which they have read access to, from being
committed to disk.

The problem is reportedly caused by programming errors within the
"msync()" system call when performing MS_INVALIDATE operations.

SOLUTION:
Update to a fixed version or apply patches.

-- Corrected versions --

2004-05-25 22:46:38 UTC (RELENG_4, 4.10-STABLE)
2004-05-25 23:07:55 UTC (RELENG_5_2, 5.2.1-RELEASE-p8)
2004-05-22 23:09:19 UTC (RELENG_4_10, 4.10-RELEASE)
2004-05-25 23:01:21 UTC (RELENG_4_9, 4.9-RELEASE-p9)
2004-05-25 23:01:19 UTC (RELENG_4_8, 4.8-RELEASE-p22)
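
The following sh function is an added example, not part of the Secunia or FreeBSD advisory. It classifies a `uname -r` style release string against the release patch levels listed above. The function name and the three result words are assumptions of this example, and -STABLE branches are reported as "unknown" because their fix is identified by commit time rather than patch level.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a FreeBSD release string
# with the "Corrected versions" table of SA11714 / FreeBSD-SA-04:11.
# Usage on a host:  sa11714_status "$(uname -r)"
# Prints one of:
#   fixed      release branch at or above the listed patch level
#   below-fix  release branch listed above, patch level too low
#   unknown    not decidable from the table (-STABLE, unlisted releases)

sa11714_status() {
    rel=$1
    case $rel in
        *-RELEASE-p*) ver=${rel%%-RELEASE*}; pl=${rel##*-p} ;;
        *-RELEASE)    ver=${rel%%-RELEASE*}; pl=0 ;;
        # -STABLE and anything else: the table gives a commit timestamp,
        # which cannot be derived from the release string alone.
        *)            echo unknown; return 0 ;;
    esac

    # Reject an empty or non-numeric patch level instead of guessing.
    case $pl in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    # Minimum corrected patch level per release, taken from the table.
    case $ver in
        4.10)  min=0  ;;   # 4.10-RELEASE
        4.9)   min=9  ;;   # 4.9-RELEASE-p9
        4.8)   min=22 ;;   # 4.8-RELEASE-p22
        5.2.1) min=8  ;;   # 5.2.1-RELEASE-p8
        *)     echo unknown; return 0 ;;   # release not listed
    esac

    if [ "$pl" -ge "$min" ]; then
        echo fixed
    else
        echo below-fix
    fi
}
```

A result of "unknown" means the table does not decide the case; check the build date against the UTC timestamps above or consult the original advisory.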


-- Patches --

FreeBSD 5.2:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch.asc

FreeBSD 4.8, 4.9, and 4.10:
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch.asc

PROVIDED AND/OR DISCOVERED BY:
Stephan Uphoff and Matt Dillon

ORIGINAL ADVISORY:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------