Vigil@nce - AIX: denial of service via ptrace
May 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can call the ptrace() function of AIX, in order
to obtain sensitive information, or to trigger a denial of service.
Impacted products: AIX
Severity: 2/4
Creation date: 05/05/2014
Revision date: 07/05/2014
DESCRIPTION OF THE VULNERABILITY
The ptrace() function is used to monitor the execution of a
process.
The PT_LDINFO parameter tells ptrace() to return information
about libraries. For example:
ptrace(PT_LDINFO, childpid, buffer, buffer_size, NULL);
However, if buffer_size is larger than the size of the structure
used by PT_LDINFO, the data located after the end of the buffer comes
from kernel memory. Moreover, if buffer_size is set to -1, the
kernel tries to initialize a large memory area and stops.
A local attacker can therefore call the ptrace() function of AIX,
in order to obtain sensitive information, or to trigger a denial
of service.
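The missing size check described above, shown as an added example in C. It is a constructed user-space model, not AIX kernel code and not part of the Vigil@nce bulletin; struct model_kmem, MODEL_MAX_REQUEST and the function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed model, not AIX source: the record PT_LDINFO should return,
 * followed in memory by unrelated kernel data. */
struct model_kmem {
    char ldinfo[16];
    char secret[16];
};

#define MODEL_MAX_REQUEST 65536L /* hypothetical cap on a caller-supplied size */

/* Unchecked model: trusts the caller's size, so a request larger than the
 * record also copies the bytes stored after it. */
long copy_out_unchecked(const struct model_kmem *km, char *ubuf, long req)
{
    memcpy(ubuf, (const char *)km, (size_t)req);
    return req;
}

/* Hardened model: validate the signed size first, then copy at most the
 * record itself. Returns bytes copied or a negative errno value. */
long copy_out_checked(const struct model_kmem *km, char *ubuf, long req)
{
    if (ubuf == NULL || req <= 0 || req > MODEL_MAX_REQUEST)
        return -EINVAL;              /* -1 is rejected before any size_t cast */
    if ((size_t)req < sizeof km->ldinfo)
        return -ENOMEM;              /* caller's buffer cannot hold the record */
    memcpy(ubuf, km->ldinfo, sizeof km->ldinfo);
    return (long)sizeof km->ldinfo;  /* caller learns how much is valid */
}

/* Runs one copy-out against constructed data; returns 1 if the caller's
 * buffer ends up holding any byte of the adjacent data. */
int leaks_adjacent(long (*fn)(const struct model_kmem *, char *, long), long req)
{
    struct model_kmem km;
    char ubuf[sizeof km];
    memset(km.ldinfo, 'L', sizeof km.ldinfo);
    memset(km.secret, 'S', sizeof km.secret);
    memset(ubuf, 0, sizeof ubuf);
    fn(&km, ubuf, req);
    return memchr(ubuf, 'S', sizeof ubuf) != NULL;
}
```
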
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/AIX-denial-of-service-via-ptrace-14699