Contributed by grey on from the unfortunately delayed announcements dept.
More stringent checking should be done in the copy(9) functions to prevent their misuse.
The patch may be downloaded here for 3.6 and here for 3.5. As always, be sure to check http://www.openbsd.org/errata.html for any additional details.
By Anonymous Coward (67.184.174.29) on
By Bert (216.175.250.42) thrashbluegrass at antisocial dot com on
Linux kernel i386 SMP page fault handler privilege escalation
"Locally exploitable flaw has been found in the Linux page fault handler code that allows users to gain root privileges if running on multiprocessor machine."
"pwned" indeed.
PaX privilege elevation security bug
"unprivileged users can execute arbitrary code with the privileges of the target in any program they or other users can execute it is definitely exploitable for local users, remote exploitability depends on how much control one can have over executable file mappings in the target"
Double "pwnage;" not only is it a local (and possibly remote) exploit, it was contained in a security patch.
Not claiming superiority, just reminded of something some carpenter said about motes and planks.
By Anonymous Coward (200.165.250.45) on
By Bert (216.175.250.42) thrashbluegrass at antisocial dot com on
By Brian (205.161.1.46) on
By tedu (67.124.149.56) on
By Anonymous Coward (195.212.29.91) on
By Anonymous Coward (62.227.91.160) on
root: "master-user" (UID 0)(default firstname Charlie) which has access to everything on your openbsd install.
local user root (exploit): a way for a local user to exploit an error in the code of a program to gain root-privileges.
code is fixed, update as usual, be secure.
and as usual: you don't give out shell access to someone you don't trust. even on openbsd.
By danz (217.220.29.251) sandolo@gmail.com on
Just curiosity.
By tedu (68.120.199.134) on
By eMKo (62.141.24.1) on
By Anonymous Coward (134.58.253.131) on
By Anonymous Coward (172.196.187.204) on
By eMKo (62.141.24.1) on
By Anthony (68.145.112.234) on
By danz (80.181.228.222) sandolo@gmail.com on
By Anthony (68.145.112.234) on
By gwyllion (134.58.253.131) on
By Norbert (203.215.101.75) on
By tedu (64.173.147.27) on
By Noryungi (82.123.236.177) on
Yep, it looks like the same issue is in FreeBSD. And, according to NetBSD-security, a related problem is also present in NetBSD/i386.
Link: NetBSD Tech-Security Archive.
By Anonymous Coward (67.102.173.11) on
By gwyllion (134.58.253.131) on
By JP (82.154.117.253) on
By Lars Hansson (203.65.245.7) lars@unet.net.ph on
By wob (66.103.222.185) wob@bonch.org on
By tedu (68.120.199.134) on
By JP (82.154.117.253) on
Also, more information on the vulnerability can help the administrator evaluate the extent of the damage that might be caused, and what applications may or may not rely on those specific vulnerable functions.
For those who replied that patchmakers don't have time to write full reports, I agree to some extent. Nobody (well, not me) is asking for full reports, but if you look at the patches page you'll see that every other patch has a more useful description than this specific one.
By Nick Holland (63.166.204.168) nick@holland-consulting.net on http://www.openbsd.org/faq/
At least, that will REALLY change your life?
It's a bug. We felt it important enough to put in errata. It's in a function which "copy data from user-space to kernel-space or vice-versa". What more do you want?
MS Advisories tend to be wordy, but like IE error message screens, lots of words, very little content.
By Anonymous Coward (67.102.173.11) on
By Brian (205.161.1.46) on
An educated guess as to the severity of the issue or its impact? I don't think that it would have taken much more effort to state that it was thought that the bug could be exploited by local users to gain root privileges. I sure would have appreciated it and I'm sure others would have too.
By djm@ (80.124.175.42) on
By Brian (205.161.1.46) on
By djm@ (80.124.175.42) on
By Anthony R (68.145.103.21) on
By Anonymous Coward (68.121.23.73) on
The patch addresses a SECURITY PROBLEM. If you don't PATCH, you are vulnerable. Do you ignore a patch when its header says "SECURITY FIX"?
By Anonymous Coward (216.220.225.229) on
By Anonymous Coward (216.17.222.1) on
By Anonymous Coward (67.102.173.11) on
By Matthias Kilian (84.134.31.106) on
Of course, this completely sucks -- fixing problems after already being exploited is much more exciting.
[Just in case someone doesn't get it: this was sarcasm]
Ciao,
Kili
By morf (68.104.57.241) on
By Anonymous Coward (66.131.206.88) on
By Anonymous Coward (67.78.160.141) on
By bob (80.129.0.174) on
best bob