ManTrap Local Denial of Service Vulnerability
BID:1913
Info
ManTrap Local Denial of Service Vulnerability
| Bugtraq ID: | 1913 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 01 2000 12:00AM |
| Updated: | Nov 01 2000 12:00AM |
| Credit: | Fist published in a Fate Labs advisory on Nov 1, 2000. |
| Vulnerable: |
Recourse Technologies ManTrap 1.6.1 |
| Not Vulnerable: |
Recourse Technologies ManTrap 2.0 |
Discussion
ManTrap Local Denial of Service Vulnerability
ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an attacker who gains access to it. In order to hide files/processes, kernel modules that filter data from the kernel are used. It is possible to exploit a failure to handle exceptional conditions condition that exists in these modules and temporarily lock up the system locally. This is accomplished by performing various directory listing/traversal functions in /proc. eg.
# cd /proc && cd self && cd cwd
# pwd <causes error response>
# cd ../../../../../
# cd proc
# cd self <should receive error response>
# ls, pwd, etc, <BOOM!>
Further technical details are not yet known.
ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an attacker who gains access to it. In order to hide files/processes, kernel modules that filter data from the kernel are used. It is possible to exploit a failure to handle exceptional conditions condition that exists in these modules and temporarily lock up the system locally. This is accomplished by performing various directory listing/traversal functions in /proc. eg.
# cd /proc && cd self && cd cwd
# pwd <causes error response>
# cd ../../../../../
# cd proc
# cd self <should receive error response>
# ls, pwd, etc, <BOOM!>
Further technical details are not yet known.
Exploit / POC
ManTrap Local Denial of Service Vulnerability
See discussion.
See discussion.
Solution / Fix
ManTrap Local Denial of Service Vulnerability
Solution:
This signature has been fixed in ManTrap v2.0 with the most recent patch set. Please contact Recourse Technologies for information on how to obtain v2.0 and/or the current patch set. Contact information can be found at www.recourse.com.
Solution:
This signature has been fixed in ManTrap v2.0 with the most recent patch set. Please contact Recourse Technologies for information on how to obtain v2.0 and/or the current patch set. Contact information can be found at www.recourse.com.
References
ManTrap Local Denial of Service Vulnerability
References:
References: