US-CERT
Vulnerability Notes Database

Vulnerability Note VU#943633

FreeBSD can be compromised locally via signal handlers

Overview

The FreeBSD operating system does not adequately clear signal handlers subsequent to a process calling exec() on a setuid program. This vulnerability can allow a local attacker to execute arbitrary code as root.

I. Description

The Unix fork() function creates a new process from an existing process. The new process is called the child process, and the existing process is called the parent. When a process forks, the child inherits the parent's signal handling settings. The Unix exec() function replaces the current process image with a new process image. After this has occurred, the kernel should clear the signal handlers because they refer to code in the old image and are no longer valid. Because the FreeBSD operating system does not adequately clear signal handlers after a process calls exec() on a setuid program, an attacker can execute arbitrary code as root.
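The following check is an added example, not part of the original note or of the FreeBSD patch. It shows the behaviour the kernel is expected to provide: a handler inherited through fork() is reset to the default action by exec(), while an ignored signal stays ignored. The function names, the use of SIGUSR1 and the /bin/sh self-signal probe are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { DISP_ERROR = -1, DISP_RESET, DISP_IGNORED, DISP_OTHER };

static void stale_handler(int signo) { (void)signo; } /* exists only in the old image */

/* Install `action` for SIGUSR1, fork so the child inherits it, exec /bin/sh
 * in the child, and let the new image signal itself (constructed probe). */
int disposition_after_exec(void (*action)(int))
{
    struct sigaction sa, old;
    int status;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = action;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, &old) != 0) return DISP_ERROR;

    pid_t pid = fork();
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", "kill -s USR1 $$; exit 42", (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    sigaction(SIGUSR1, &old, NULL);       /* restore the parent's disposition */
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return DISP_ERROR;

    /* Default action for SIGUSR1 is termination: the handler was cleared. */
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGUSR1) return DISP_RESET;
    /* The shell outlived its own signal: the disposition is "ignore". */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42) return DISP_IGNORED;
    return DISP_OTHER;                    /* anything else, e.g. a different fatal signal */
}

int main(void)
{
    static const char *name[] = { "reset to default", "ignored", "unexpected" };
    int caught = disposition_after_exec(stale_handler);
    int ignored = disposition_after_exec(SIG_IGN);
    if (caught < 0 || ignored < 0) { perror("probe"); return 2; }
    printf("caught handler after exec: %s\n", name[caught]);
    printf("SIG_IGN after exec:        %s\n", name[ignored]);
    return caught == DISP_RESET ? 0 : 1;
}
```

A non-zero exit status means the caught handler was not reported as reset on the system under test.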

II. Impact

A local attacker may be able to execute arbitrary code as root.

III. Solution

Apply a patch from your vendor or upgrade your operating system to FreeBSD 4.3-STABLE.

Systems Affected

Vendor | Status | Date Notified | Date Updated
Cray Inc. | Not Vulnerable | 4-Oct-2001
FreeBSD | Vulnerable | 14-Sep-2001
Hewlett-Packard Company | Not Vulnerable | 21-Sep-2001

References


ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
http://www.guninski.com/vvfreebsd.html
http://www.securityfocus.com/bid/3007

Credit

The CERT Coordination Center thanks Georgi Guninski for discovering this vulnerability and the FreeBSD project for providing a patch to address the vulnerability.

This document was written by Ian A. Finlay.

Other Information

Date Public: 2001-07-10
Date First Published: 2001-09-14
Date Last Updated: 2002-12-12
CERT Advisory:
CVE-ID(s): CVE-2001-1180
NVD-ID(s): CVE-2001-1180
US-CERT Technical Alerts:
Metric: 29.25
Document Revision: 30

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2001 Carnegie Mellon University