NetBSD Security Advisory 1999-002

[mrg () ETERNA COM AU (matthew green)]

-----BEGIN PGP SIGNED MESSAGE-----

                 NetBSD Security Advisory 1999-002
                 =================================

Topic:          Security problem with netstat
Version:        NetBSD-current from 19980603 to 19990208.
Severity:       Local users are able to read any kernel memory
                location.


Abstract
========

In the version of netstat between the two dates above, a security hole
exists which will allow non-root users to examine any kernel memory
location.


Technical Details
=================

The code which was added to allow printing of kernel protocol control
blocks does not have strict checks to make certain the memory being
display is a protocol control block.  Also, since the block contains
information like TCP sequence numbers, users should generally not be
allowed to examine these blocks.

Solutions and Workarounds
=========================

NetBSD-current users should update to a source tree newer than
19990208, or apply this patch and rebuild netstat:

    ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990208-netstat


If this action cannot be taken easily, netstat can be disabled for
non-root users.

        chmod 555 /usr/bin/netstat


Thanks To
=========

Thanks go to Michael Graff <explorer () netbsd org> and Charles Hannum
<root () ihack net> for the discovery and resolution of this bug.


More Information
================

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 1999, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA1999-002.txt,v 1.2 1999/02/09 01:27:27 mrg Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBNr/O/T5Ru2/4N2IFAQHoEQQAm9tgcL/9FCCrt+aNUe0oPIgZjlL0w93w
qGMo9JeeVx3YdHh9lPo1YH1ra9Jeb5SDVY3d0CJo+hHE5cudKCsMHFj1oKpDr9ZS
u9TAk6P8e5FKCUemcLrsYWIo0n+hk8xKyTtXEgjzbDRxJp2VtemiG1hR2Q6yTIex
8dWtyKTd9fI=
=6eFn
-----END PGP SIGNATURE-----