Multiple Vendor BSD /proc File System Vulnerability

Vulnerability Details

Vulnerability Summary

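procfs in BSD systems contains a vulnerability. A local user can gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for standard error.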

Vulnerability Advisory

OpenBSD has the following patch available:
http://www.openbsd.org/errata.html#procfs
FreeBSD has the following patch available:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:02/procfs.patch
From the NetBSD advisory:
A patch is available for NetBSD 1.4.1, that revokes all vnodes referring to procfs files when a process is about to execute a setuid or setgid binary. It is located at: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000130-procfs
NetBSD-current since 20000126 is not vulnerable. Users of NetBSD-current should upgrade to a source tree later than 20000126.

References

Source: XF
Name: netbsd-procfs(3995)
Link: http://xforce.iss.net/xforce/xfdb/3995

Source: BID
Name: 940
Link: http://www.securityfocus.com/bid/940

Source: OSVDB
Name: 20760
Link: http://www.osvdb.org/20760

Source: NETBSD
Name: NetBSD-SA2000-001
Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-001.txt.asc

Affected Entities
