Vigil@nce: Linux kernel, file modification
October 2009 by Vigil@nce
In a special case, a local attacker can use /proc/PID/fd in order
to alter the file of a user.
Severity: 1/4
Consequences: data creation/edition
Provenance: user shell
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: contradictory sources (1/5)
Diffusion of the vulnerable configuration: low (1/3)
Creation date: 26/10/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The /proc/PID/fd/x virtual file is used to access a file
descriptor of a process.
However, access rights to /proc/PID/fd/x are not synchronized with
access rights of the original file.
For example, if access rights to a directory (where the original
file is stored) are restricted, a local attacker can use
/proc/PID/fd/x to continue accessing the original file.
In a special case, a local attacker can therefore use /proc/PID/fd
in order to alter the file of a user.
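The audit sketch below is an added example, not part of the Vigil@nce bulletin or of any kernel code. It assumes the exposure described above concerns files whose own mode allows writes by other users and which are kept private only by a restricted parent directory. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def files_guarded_only_by_directory(root):
    """List regular files whose own mode lets 'other' write, but which sit
    below a directory that denies 'other' the search (x) bit."""
    findings = []

    def walk(directory, ancestor_blocks):
        mode = os.lstat(directory).st_mode
        blocks = ancestor_blocks or not (mode & stat.S_IXOTH)
        with os.scandir(directory) as entries:
            for entry in sorted(entries, key=lambda e: e.name):
                st = entry.stat(follow_symlinks=False)
                if stat.S_ISDIR(st.st_mode):
                    walk(entry.path, blocks)
                elif stat.S_ISREG(st.st_mode) and blocks and st.st_mode & stat.S_IWOTH:
                    # The directory is the only barrier; the file mode is not.
                    findings.append(entry.path)

    walk(os.path.abspath(root), False)
    return findings

def demo():
    """Build a constructed sample tree and return the flagged relative paths."""
    layout = [  # (relative path, file mode) -- constructed sample data
        ("private/loose.txt", 0o666),
        ("private/sub/deep.txt", 0o606),
        ("private/tight.txt", 0o600),
        ("public/shared.txt", 0o666),
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel, mode in layout:
            path = os.path.join(tmp, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
            os.chmod(path, mode)
        for rel, mode in [("", 0o755), ("public", 0o755),
                          ("private/sub", 0o755), ("private", 0o700)]:
            os.chmod(os.path.join(tmp, rel), mode)
        return [os.path.relpath(p, tmp) for p in files_guarded_only_by_directory(tmp)]

if __name__ == "__main__":
    for hit in demo():
        print("relies on directory permissions only:", hit)
```

Files reported here are candidates for tightening the file mode itself instead of relying on the directory.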
CHARACTERISTICS
Identifiers: BID-36806, VIGILANCE-VUL-9120
http://vigilance.fr/vulnerability/Linux-kernel-file-modification-9120