NetBSD Security Advisory 2019-006: Denial of service and possible privilege escallation in filemon
17 December, 2019 by security-officer@netbsd.org | netbsd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2019-006 ================================= Topic: Denial of service and possible privilege escallation in filemon Version: NetBSD-current: affected up to 9.99.17 NetBSD 8.1: affected NetBSD 7.x: unaffected Severity: Local users can crash the machine Fixed: NetBSD-current: October 28, 2019 NetBSD-9 branch: October 28, 2019 NetBSD-8 branch: October 28, 2019 Please note that NetBSD releases prior to 7.1 are no longer supported. It is recommended that all users upgrade to a supported release. Abstract ======== An unprivileged user can write filemon output to arbitrary files, or crash the system. Technical Details ================= The filemon module is experimental and not suitable for general use. Unfortunately it can be inadvertently auto-loaded when /dev/filemon is opened, and /dev/filemon is accessible to any user. There was a missing write check in the filemon module thus permitting any user to overwrite any file in the system. While we are not currently aware of an exploit, it is conceivable that one can overwrite a configuration file parsed by a privileged daemon that does not abort on syntax errors. Additionally the way filemon does filesystem interception is racy and can lead to random crashes if the system calls are in use while the module is unloaded. Solutions and Workarounds ========================= Unloading and removing the filemon module, either manually: # modunload filemon # rm -rf /stand/*/*/modules/filemon/ Or by updating the machine to a newer build and running postinstall fix obsolete Thanks To ========= Ilja Van Sprundel for reporting this vulnerability. More Information ================ Advisories may be updated as new information becomes available. The most recent version of this advisory (PGP signed) can be found at https://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2019-006.txt.asc Information about NetBSD and NetBSD security can be found at https://www.NetBSD.org/ https://www.NetBSD.org/Security/ Copyright 2019, The NetBSD Foundation, Inc. All Rights Reserved. Redistribution permitted only in full, unmodified form. $NetBSD: NetBSD-SA2019-006.txt.asc,v 1.1 2019/12/17 00:55:08 christos Exp $ -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJd+CdCAAoJEIkmHhf170n/sRwP/iepxkQCzWM7NUSZWDmbJ6A2 pJzJVlmwOwqqvRFlPWhfiLAryeWIaM6mO4mCdqQUodvZGE8+9q9/1Qyga41YQji5 mYCiFCAM1ezUzhr9FXHsJZf8rvEp6qt9E7DjqNpzJy9ut9bSEMLVq3M4GLqcQZn3 t2067Cl0OIkOrenxU5aM5cYuQe62DotQR254HmGKGzG5SbNOM9Q1fLJECNECRFt2 7N72RsOcDMnEKepVoFcH200oMKM5/tgweRKTxcrq3NsrFORSwgpobSN1Q2g5Uzc3 +PvB7wsy2xb1XbHT7VYn+vspbrzlSDm+vrQCTNPUm26iOnyvl4XdFPOXwlUuHSXk GU2m5uqX3KvWkU4DDVhZ5DRmQHi8tY0sri53qvI0sazOlKtHau+qt0TI6pbizhPV o7CBsTytvw1ztL0q4g4pweRHiIT+jILTfeAaojNLAqDnLgzm4lBcUzg5WX552lCx vNb+2B6WHmIbAx/Jtr60ei97PWQVJ8ECckyrh+vvo2dD/izJg8JkB1rJa1ihydtu bvv3+MHO24wwBjlfcnoPvOETcakMRRH3Fkp9CNRx894eTn8bwrz3xPtyAhAwqzuc z2s/9foAs53wneKlnT6BCtUMx9v6FVT+9oOUmYGnQ7OneqZMKTSDHj2WsJEQNHXP 5Zkm7k2HHV6xcFF7tAo6 =uQGc -----END PGP SIGNATURE-----