NetBSD FD_SET() buffer overflow
netbsd-fdset-bo (10114)
Description:
NetBSD is vulnerable to a buffer overflow caused by missing bounds checks on FD_SET() operations in the mbone tools and pppd. A local attacker could fill the file descriptor tables before executing one of the affected tools, so that the tool is handed file descriptors larger than FD_SETSIZE; the unchecked FD_SET() then overflows a buffer, allowing the attacker to gain root privileges on the system.
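The missing check, written as a guard around FD_SET(), as an added example that is not code from NetBSD or from the advisory; `fd_set_checked`, `wait_readable` and `demo` are hypothetical names. It rejects any descriptor outside 0..FD_SETSIZE-1 before the fd_set is written.

```c
/* Added example: bounds-checked FD_SET() before select(). Names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* FD_SET() indexes a fixed-size bit array of FD_SETSIZE bits and does no
 * range check itself, so the caller must reject descriptors outside it. */
int fd_set_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EBADF;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Returns 1 if fd is readable, 0 on timeout, -1 on error (errno set). */
int wait_readable(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;

    FD_ZERO(&rfds);
    if (fd_set_checked(fd, &rfds) != 0)
        return -1;              /* refuse instead of writing past rfds */

    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    int n = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (n < 0)
        return -1;
    return (n > 0 && FD_ISSET(fd, &rfds)) ? 1 : 0;
}

/* Constructed self-check: a pipe with one byte queued is readable; an
 * out-of-range descriptor number is rejected before FD_SET() runs. */
int demo(void)
{
    int p[2];
    if (pipe(p) != 0) return -1;
    if (write(p[1], "x", 1) != 1) return -1;
    int ok = wait_readable(p[0], 100) == 1
          && wait_readable(FD_SETSIZE, 100) == -1 && errno == EBADF;
    close(p[0]); close(p[1]);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

Code that must handle descriptors at or above FD_SETSIZE can use poll(), which takes an array of descriptors instead of a fixed-size bit set.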
Platforms Affected:
- NetBSD, NetBSD 1.4
- NetBSD, NetBSD 1.4.1
- NetBSD, NetBSD 1.4.2
- NetBSD, NetBSD 1.4.3
- NetBSD, NetBSD 1.5
- NetBSD, NetBSD 1.5.1
- NetBSD, NetBSD 1.5.2
- NetBSD, NetBSD 1.5.3
Remedy:
For NetBSD-current:
Upgrade to the latest version of NetBSD-current (dated 2002-08-10 or later), as listed in NetBSD Security Advisory 2002-014. See References.
For NetBSD 1.6 beta and 1.6 release candidates:
Upgrade to the latest version of the NetBSD 1.6 release (dated 2002-08-11 or later), as listed in NetBSD Security Advisory 2002-014. See References.
For NetBSD 1.5, 1.5.1, 1.5.2, and 1.5.3:
Upgrade to the latest version of the NetBSD 1.5 branch (dated 2002-09-05 or later), as listed in NetBSD Security Advisory 2002-014. See References.
Consequences:
Gain Privileges
References:
- Full-Disclosure Mailing List, Mon Sep 16 2002 - 21:39:49 CDT, fd_set overrun in mbone tools and pppd at http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1006.html. (From Full-Disclosure Mailing List archive)
- BID-5727: NetBSD IPv4 Multicast Tools Buffer Overflow Vulnerability
- CVE-2002-1500: Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().
Reported:
Sep 17, 2002
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
