Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Solaris, denial of service via Auditing

July 2009 by Vigil@nce

When Solaris Auditing is enabled, a local attacker can call the
fchownat() function in order to panic the system.

Severity: 1/4

Consequences: denial of service of computer

Provenance: user shell

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 24/07/2009

IMPACTED PRODUCTS

 OpenSolaris
 Sun Solaris

DESCRIPTION OF THE VULNERABILITY

Actions are audited when Solaris Auditing (c2audit) is enabled.

The fchownat() function changes the uid and the gid of a file
(path argument), which can be relative to a directory indicated by
fd (if fd is not FDCWD):
fchownat(fd, path, uid, gid, flag);

The fchownat() function is defined in usr/src/uts/common/syscall/chown.c.
When auditing is enabled, it calls the audit_setfsat_path()
function defined in usr/src/uts/common/c2/audit.c. However, if the
fd file descriptor of fchownat() is invalid, a NULL pointer is
dereferenced in audit_setfsat_path().

When Solaris Auditing is enabled, a local attacker can therefore
call the fchownat() function in order to panic the system. The
openat(), unlinkat(), faccessat() and fstatat() functions can also
be called.

CHARACTERISTICS

Identifiers: 264428, 6795688, VIGILANCE-VUL-8883

http://vigilance.fr/vulnerability/Solaris-denial-of-service-via-Auditing-8883


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts