FreeBSD procfs Denial of Service Vulnerability
BID:2131
Info
FreeBSD procfs Denial of Service Vulnerability
| Bugtraq ID: | 2131 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 18 2000 12:00AM |
| Updated: | Dec 18 2000 12:00AM |
| Credit: | This vulnerability was first discovered by Joost Pol <[email protected]> and Frank van Vliet <[email protected]>. It was announced in a FreeBSD Security Advisory to Bugtraq on December 18, 2000. |
| Vulnerable: |
FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.1.1 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 3.5.1 |
| Not Vulnerable: | |
Discussion
FreeBSD procfs Denial of Service Vulnerability
procfs is the Process Filesystem, a file system interface to the process table included with the FreeBSD Operating System. A problem exists which could allow a local user to deny service to legitimate users of a FreeBSD Server.
The problem occurs in the handling of /proc/<process id>/mem files. It is possible to launch a process which executes an mmap() system call and maps the memory address of it's own memory address space, as defined in /proc/<process id>mem. By doing so, the kernel enters an infinite loop and hangs, requiring a system reboot at the console. This problem with design makes it possible for a local user with malicious intent to crash the system, thus denying service to legitimate users.
procfs is the Process Filesystem, a file system interface to the process table included with the FreeBSD Operating System. A problem exists which could allow a local user to deny service to legitimate users of a FreeBSD Server.
The problem occurs in the handling of /proc/<process id>/mem files. It is possible to launch a process which executes an mmap() system call and maps the memory address of it's own memory address space, as defined in /proc/<process id>mem. By doing so, the kernel enters an infinite loop and hangs, requiring a system reboot at the console. This problem with design makes it possible for a local user with malicious intent to crash the system, thus denying service to legitimate users.
Exploit / POC
FreeBSD procfs Denial of Service Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
FreeBSD procfs Denial of Service Vulnerability
Solution:
The FreeBSD Security Team has supplied a patch for this issue. It is recommended that users of the affected versions of the Operating System upgrade to a revision after the fix date, or apply the patch to the source tree and rebuild the system.
Patches:
FreeBSD FreeBSD 3.5.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.2
Solution:
The FreeBSD Security Team has supplied a patch for this issue. It is recommended that users of the affected versions of the Operating System upgrade to a revision after the fix date, or apply the patch to the source tree and rebuild the system.
Patches:
FreeBSD FreeBSD 3.5.1
-
FreeBSD 3.5.1 procfs.3.5.1.patch.v1.1
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.3.5.1.p atch.v1.1
FreeBSD FreeBSD 4.1
-
FreeBSD 4.1 procfs.4.1.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.pat ch
FreeBSD FreeBSD 4.1.1
-
FreeBSD 4.1.1 procfs.4.1.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.pat ch
FreeBSD FreeBSD 4.2
-
FreeBSD 4.2 procfs.4.2.patch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.pat ch
References
FreeBSD procfs Denial of Service Vulnerability
References:
References: