what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

sa96-19

sa96-19
Posted Sep 23, 1999

Buffer overflow in modstat

tags | overflow
systems | freebsd
SHA-256 | 2f494576788aabd6b420c7bcca416ca2cccb337f9f9800c5552e3e7b3cb7880b

sa96-19

Change Mirror Download

From security-officer@FreeBSD.ORG Tue Dec 10 17:22:37 1996
Date: Tue, 10 Dec 1996 14:03:03 -0600
From: FreeBSD Security Officer <security-officer@FreeBSD.ORG>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Subject: FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr (REVISED)

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-96:19 Security Advisory
FreeBSD, Inc.

Topic: Buffer overflow in modstat

Category: core
Module: modstat
Announced: 1996-12-10
Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1.5, 2.1.6, 2.1.6.1
Corrected: FreeBSD-current as of 1996/08/08
FreeBSD only: no

Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:19/

=============================================================================

I. Background

The modstat program is used to display status of loaded kernel modules.
It is standard software in the FreeBSD operating system.

II. Problem Description

The modstat program has always been installed setuid kmem. Within
the program, a buffer overflow can occur.


III. Impact
Local users can gain kmem privileges.


IV. Workaround

Modstat does not need to be setuid kmem. It is thus sufficient to
do the following:
su
cd /usr/bin
chmod 555 modstat
This effectively clears the setuid bit on the modstat program.

V. Solution

Apply the following patch:
(This patch can also be found on
ftp://freebsd.org/pub/CERT/patches/SA-96:19)

Index: Makefile
===================================================================
RCS file: /home/freebsd/CVS/src/usr.bin/modstat/Makefile,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
- --- Makefile 1994/08/19 12:14:02 1.1
+++ Makefile 1996/05/30 02:19:03 1.2
@@ -38,7 +38,5 @@

PROG= modstat
MAN8= modstat.8
- -BINGRP= kmem
- -BINMODE=2555

.include <bsd.prog.mk>
Index: modstat.c
===================================================================
RCS file: /home/freebsd/CVS/src/usr.bin/modstat/modstat.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
- --- modstat.c 1995/04/20 05:08:53 1.3
+++ modstat.c 1996/08/08 07:58:07 1.4
@@ -72,8 +72,9 @@
{
struct lmc_stat sbuf;

+ sbuf.name[MAXLKMNAME - 1] = '\0'; /* In case strncpy limits the string. */
if (modname != NULL)
- - strcpy(sbuf.name, modname);
+ strncpy(sbuf.name, modname, MAXLKMNAME - 1);

sbuf.id = modnum;

=============================================================================
FreeBSD, Inc.

Web Site: http://www.freebsd.org/
Confidential contacts: security-officer@freebsd.org
PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc
Security notifications: security-notifications@freebsd.org
Security public discussion: security@freebsd.org

Notice: Any patches in this document may not apply cleanly due to
modifications caused by digital signature or mailer software.
Please reference the URL listed at the top of this document
for original copies of all patches if necessary.
=============================================================================


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMq2381UuHi5z0oilAQE99wP+NktTxugo1lrVDm0FVcmqd8c3zu6s95Wt
WCvM9GLECCVB+sFbssbikQc35SvgzEjnE4lZ3J4VBrAoThG3tLOmO5si0csM8dwE
QPGMyR/fdU7DpYXEK/XKuDxre1TDJ0uOwU9DfBewgy0o5OiybRR5dxj3nsJIznnd
F5O6NNppKb0=
=qcrF
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close