exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

FreeBSD-SA-04-12.jailroute.asc

FreeBSD-SA-04-12.jailroute.asc
Posted Jun 9, 2004
Authored by Pawel Malachowski | Site freebsd.org

FreeBSD Security Advisory FreeBSD-SA-04:12.jailroute - A programming error has allowed local users the ability to manipulate host routing tables if superuser privileges are achieved within jailed process.

tags | advisory, local
systems | freebsd
advisories | CVE-2004-0125
SHA-256 | 0301e56f26cfa86a5da89c7242dbf8a821e5a883188131318fadee115fbac7b9

FreeBSD-SA-04-12.jailroute.asc

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-04:12.jailroute Security Advisory
The FreeBSD Project

Topic: Jailed processes can manipulate host routing tables

Category: core
Module: kernel
Announced: 2004-06-07
Credits: Pawel Malachowski
Affects: FreeBSD 4.8-RELEASE
FreeBSD 4.9-RELEASE
Corrected: 2004-04-06 20:11:53 UTC (RELENG_4)
2004-06-07 17:44:44 UTC (RELENG_4_9, 4.9-RELEASE-p10)
2004-06-07 17:42:42 UTC (RELENG_4_8, 4.8-RELEASE-p23)
CVE Name: CAN-2004-0125
FreeBSD only: YES

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
<URL:https://www.freebsd.org/security/>.

I. Background

The jail(2) system call allows a system administrator to lock up a
process and all its descendants inside a closed environment with very
limited ability to affect the system outside that environment, even
for processes with superuser privileges. It is an extension of, but
far more stringent than, the traditional Unix chroot(2) system call.

The FreeBSD kernel maintains internal routing tables for the purpose
of determining which interface should be used to transmit packets.
These routing tables can be manipulated by user processes running
with superuser privileges by sending messages over a routing socket.

II. Problem Description

A programming error resulting in a failure to verify that an attempt
to manipulate routing tables originated from a non-jailed process.

III. Impact

Jailed processes running with superuser privileges could modify host
routing tables. This could result in a variety of consequences including
packets being sent via an incorrect network interface and packets being
discarded entirely.

IV. Workaround

No workaround is available.

V. Solution

Do one of the following:

1) Upgrade your vulnerable system to 4.10-RELEASE, or to the RELENG_4_8
or RELENG_4_9 security branch dated after the correction date.

OR

2) Patch your present system:

The following patch has been verified to apply to the FreeBSD 4.8 and
4.9 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:12/jailroute.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:12/jailroute.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_4
src/sys/net/rtsock.c 1.44.2.13
RELENG_4_9
src/UPDATING 1.73.2.89.2.11
src/sys/conf/newvers.sh 1.44.2.32.2.11
src/sys/net/rtsock.c 1.44.2.11.4.1
RELENG_4_8
src/UPDATING 1.73.2.80.2.26
src/sys/conf/newvers.sh 1.44.2.29.2.24
src/sys/net/rtsock.c 1.44.2.11.2.1
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAxNyTFdaIBMps37IRAkTtAJ9LL92gdrIr3drFL7+EzgIz3Tp3EQCgl3XM
FySjBz6+a74mtEX89hLRcBI=
=dWI/
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close