Title: NetBSD SVR4 compatibility device creation Vulnerability
Severity: MODERATE
Description:
The System V Release 4 (SVR4) emulation system under NetBSD requires the creation of a set of device files. The SVR4_MAKEDEV script shipped with the system can automate this task. Among the device files created by this script is an SVR4 /dev/wabi equivalent placed under /emul/svr4. The device is supposed to be equivalent to the /dev/null special file.
As the script was originally developed under the Sparc port of NetBSD, the device file is created with a major and minor number equivalent to that of the /dev/null device on that platform (3 and 2). On the i386 port, that major and minor number are associated with the IDE disk device (wd(4)). As the device file is created with world read and write permissions, a regular user can read and write to the equivalent of the /dev/rwd0c disk device file.
This vulnerability only affects NetBSD 1.3.3 and prior, and NetBSD-current until 19990420 under the i386 architecture.
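A defensive check for the mismatch described above, as an added example that is not part of the original advisory: it compares a node meant to alias /dev/null against the host's own /dev/null device number and flags world-accessible mismatches. The path /emul/svr4/dev/wabi is assumed from the description, and the device numbers in the sample are constructed.

```python
import os
import stat
from types import SimpleNamespace


def audit_null_alias(node, host_null):
    """Return findings for a device node that is meant to alias /dev/null.

    node and host_null are os.stat_result-like objects (st_mode, st_rdev).
    """
    if not stat.S_ISCHR(node.st_mode):
        return ["not a character device"]
    findings = []
    if node.st_rdev != host_null.st_rdev:
        # Same numbers mean different drivers on different ports, so the
        # only safe reference is the /dev/null of the host being audited.
        findings.append("device number %d,%d differs from host /dev/null %d,%d" % (
            os.major(node.st_rdev), os.minor(node.st_rdev),
            os.major(host_null.st_rdev), os.minor(host_null.st_rdev)))
        if node.st_mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append("world-accessible node backed by another driver")
    return findings


def audit_path(path="/emul/svr4/dev/wabi", null_path="/dev/null"):
    """Audit a real node on disk (path is an assumption, see lead-in)."""
    return audit_null_alias(os.stat(path), os.stat(null_path))


def sample_node(major, minor, perms):
    """Build a constructed stat-like record for offline demonstration."""
    return SimpleNamespace(st_mode=stat.S_IFCHR | perms,
                           st_rdev=os.makedev(major, minor))


if __name__ == "__main__":
    # Constructed values: a host whose /dev/null is 2,2 and a node made as 3,2.
    host_null = sample_node(2, 2, 0o666)
    for name, node in [("copied numbers", sample_node(3, 2, 0o666)),
                       ("matching numbers", sample_node(2, 2, 0o666))]:
        print(name, audit_null_alias(node, host_null) or "ok")
```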
Affected Products:
- NetBSD NetBSD 1.3.0
- NetBSD NetBSD 1.3.1
- NetBSD NetBSD 1.3.2
- NetBSD NetBSD 1.3.3