BSDSec

deadsimple BSD Security Advisories and Announcements

NetBSD Security Advisory 2019-006: Denial of service and possible privilege escalation in filemon

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		NetBSD Security Advisory 2019-006
		=================================

Topic:		Denial of service and possible privilege escalation in filemon

Version:	NetBSD-current:		affected up to 9.99.17
		NetBSD 8.1:		affected
		NetBSD 7.x:		unaffected

Severity:	Local users can crash the machine or overwrite arbitrary files

Fixed:		NetBSD-current:		October 28, 2019
		NetBSD-9 branch:	October 28, 2019
		NetBSD-8 branch:	October 28, 2019

Please note that NetBSD releases prior to 7.1 are no longer supported.
It is recommended that all users upgrade to a supported release.

Abstract
========

An unprivileged user can write filemon output to arbitrary files,
or crash the system.

Technical Details
=================

The filemon module is experimental and not suitable for general
use. Unfortunately it can be inadvertently auto-loaded when
/dev/filemon is opened, and /dev/filemon is accessible to any user.

There was a missing write check in the filemon module thus permitting
any user to overwrite any file in the system. While we are not
currently aware of an exploit, it is conceivable that one can
overwrite a configuration file parsed by a privileged daemon that
does not abort on syntax errors.

Additionally the way filemon does filesystem interception is racy
and can lead to random crashes if the system calls are in use
while the module is unloaded.

Solutions and Workarounds
=========================

Unloading and removing the filemon module, either manually:

# modunload filemon
# rm -rf /stand/*/*/modules/filemon/

Or by updating the machine to a newer build and running:

# postinstall fix obsolete
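The following script is an added example and is not part of the NetBSD advisory or of the NetBSD source tree. It turns the two manual steps above into a repeatable check: is the module loaded (modstat), is the /dev/filemon node present, and are any copies of the kernel module still installed under /stand/$MACHINE/$VERSION/modules/ where the kernel could autoload them again. The /stand layout and the STAND_ROOT override are assumptions made so the functions can be exercised against a scratch directory; modstat and modunload are the NetBSD tools named in the advisory.

```shell
#!/bin/sh
# Added example (not NetBSD's own code): audit and remediate the filemon module
# described in NetBSD-SA2019-006. STAND_ROOT defaults to /stand and is
# overridable only so the on-disk checks can be tested against a scratch tree.
STAND_ROOT="${STAND_ROOT:-/stand}"

# Print one line per on-disk copy of the filemon module under the given root.
# The pattern mirrors the advisory's /stand/*/*/modules/filemon/ glob.
filemon_module_dirs() {
    root="${1:-$STAND_ROOT}"
    [ -d "$root" ] || return 0
    find "$root" -type d -path "$root/*/*/modules/filemon" 2>/dev/null
}

# Return 0 if the filemon module is currently loaded. Needs modstat(8),
# so this is NetBSD-only; on other systems it simply reports "not loaded".
filemon_loaded() {
    command -v modstat >/dev/null 2>&1 || return 1
    modstat 2>/dev/null | awk '$1 == "filemon" { found = 1 } END { exit !found }'
}

# Delete every on-disk copy so a later open of /dev/filemon cannot autoload it.
# Prints the number of module directories removed.
remove_filemon_modules() {
    root="${1:-$STAND_ROOT}"
    dirs=$(filemon_module_dirs "$root")
    [ -n "$dirs" ] || { echo 0; return 0; }
    printf '%s\n' "$dirs" | while IFS= read -r d; do rm -rf "$d"; done
    printf '%s\n' "$dirs" | wc -l | tr -d ' '
}

# Report the host's state; exit non-zero if anything still needs attention.
audit_filemon() {
    status=0
    if filemon_loaded; then
        echo "filemon: LOADED (run: modunload filemon)"
        status=1
    fi
    if [ -c /dev/filemon ]; then
        echo "filemon: /dev/filemon exists, mode $(ls -l /dev/filemon | awk '{print $1}')"
    fi
    dirs=$(filemon_module_dirs)
    if [ -n "$dirs" ]; then
        echo "filemon: module still installed, remove it (or run: postinstall fix obsolete):"
        printf '  %s\n' $dirs
        status=1
    fi
    [ "$status" -eq 0 ] && echo "filemon: not loaded and not installed"
    return "$status"
}
```

Run `audit_filemon` before and after applying the workaround; `remove_filemon_modules` with no argument acts on /stand and performs the advisory's `rm -rf`, so invoke it as root only once you are sure nothing depends on filemon (the advisory notes the module is experimental and not suitable for general use).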

Thanks To
=========

Ilja Van Sprundel for reporting this vulnerability.

More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at

	https://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2019-006.txt.asc

Information about NetBSD and NetBSD security can be found at

	https://www.NetBSD.org/
	https://www.NetBSD.org/Security/

Copyright 2019, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2019-006.txt.asc,v 1.1 2019/12/17 00:55:08 christos Exp $
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----