Title: CerbNG Multiple System Call Wrappers Concurrency Vulnerabilities
Severity: HIGH
Description:
CerbNG is a framework for managing and logging rule-based control of system calls. It is available for FreeBSD.
CerbNG is prone to multiple concurrency vulnerabilities in its system call wrappers. A wrapper copies system call arguments out of user memory to inspect them, and the kernel later copies the same arguments again to act on them; nothing prevents the arguments from changing between the two copies. The resulting race conditions fall into two categories:
- Time-of-check-to-time-of-use (TOCTTOU) races occur when an access control check is not performed atomically with the operation it governs. An attacker can present an argument that passes the check and then substitute one that violates the policy before the kernel uses it.
- Time-of-audit-to-time-of-use (TOATTOU) races occur when the audit record is generated from a copy of the arguments that differs from the copy the kernel acts on. The log then describes an operation other than the one that actually took place, so an intrusion detection system driven by that log is not triggered.
The 'log-exec.cb' policy, which audits system calls such as 'execve()', is affected and can generate incorrect audit trails.
Attackers can exploit these issues by modifying system call arguments in memory after the wrapper has checked or logged them but before the kernel uses them, in order to elevate privileges or to bypass auditing. Successful attacks can completely compromise affected computers.
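The following C program is an added example and is not CerbNG code. It models the root cause described above: a wrapper that copies a pathname argument out of user memory to check and log it, after which the kernel copies the argument again to act on it, versus a hardened wrapper that copies once and checks, audits and uses the same bytes. The racing thread is simulated deterministically by a `swap_to` field that rewrites the argument immediately after the first copy; the toy policy (deny paths under `/forbidden/`), the buffer size and the sample paths are assumptions chosen for the demonstration, not values from the advisory.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not CerbNG code. A system call wrapper copies a user-supplied
 * argument to check and audit it; the kernel then copies the same argument
 * again to act on it. A concurrent writer (simulated by user_mem.swap_to)
 * changes the argument between the two copies, so the value checked and
 * logged is not the value used. Policy, sizes and paths are assumptions.
 */

#define SIM_PATH_MAX 64

/* Simulated user memory for one pathname argument. A racing writer, if
 * present, replaces the contents right after the first copyin(). */
struct user_mem {
    const char *current;   /* what the next copyin() will see              */
    const char *swap_to;   /* installed by the racing writer, NULL if none  */
};

/* Simulated copyin(): copy the argument into kernel space, then give the
 * racing writer its window. */
static void sim_copyin(struct user_mem *um, char *dst, size_t dstlen)
{
    strncpy(dst, um->current, dstlen - 1);
    dst[dstlen - 1] = '\0';
    if (um->swap_to != NULL) {
        um->current = um->swap_to;
        um->swap_to = NULL;
    }
}

/* Toy access-control rule standing in for a wrapper policy (assumption). */
static int policy_allows(const char *path)
{
    return strncmp(path, "/forbidden/", 11) != 0;
}

/* What the wrapper decided, what it logged, and what the kernel acted on. */
struct outcome {
    int  allowed;
    char audited[SIM_PATH_MAX];
    char used[SIM_PATH_MAX];
};

/* Vulnerable pattern: wrapper and kernel each copy the argument. */
struct outcome vulnerable_wrapper(struct user_mem *um)
{
    struct outcome o;
    char wrapper_copy[SIM_PATH_MAX];
    char kernel_copy[SIM_PATH_MAX];

    memset(&o, 0, sizeof o);
    sim_copyin(um, wrapper_copy, sizeof wrapper_copy);   /* copy #1: check + audit */
    strcpy(o.audited, wrapper_copy);                     /* TOATTOU: log from copy #1 */
    o.allowed = policy_allows(wrapper_copy);             /* TOCTTOU: check on copy #1 */
    if (o.allowed) {
        sim_copyin(um, kernel_copy, sizeof kernel_copy); /* copy #2: kernel re-reads */
        strcpy(o.used, kernel_copy);                     /* kernel acts on copy #2 */
    }
    return o;
}

/* Hardened pattern: one copyin(); check, audit and use all see the same bytes. */
struct outcome hardened_wrapper(struct user_mem *um)
{
    struct outcome o;
    char kernel_copy[SIM_PATH_MAX];

    memset(&o, 0, sizeof o);
    sim_copyin(um, kernel_copy, sizeof kernel_copy);     /* single copy */
    strcpy(o.audited, kernel_copy);
    o.allowed = policy_allows(kernel_copy);
    if (o.allowed)
        strcpy(o.used, kernel_copy);                     /* same buffer, no window */
    return o;
}

int main(void)
{
    /* Constructed input: the racing writer swaps in a forbidden path after copy #1. */
    struct user_mem race_v = { "/tmp/benign", "/forbidden/secret" };
    struct user_mem race_h = { "/tmp/benign", "/forbidden/secret" };
    struct outcome v = vulnerable_wrapper(&race_v);
    struct outcome h = hardened_wrapper(&race_h);

    printf("vulnerable: allowed=%d audited=%s used=%s\n", v.allowed, v.audited, v.used);
    printf("hardened:   allowed=%d audited=%s used=%s\n", h.allowed, h.audited, h.used);
    return 0;
}
```

In the vulnerable path the check passes and the log records `/tmp/benign`, while the kernel operates on `/forbidden/secret`; both the TOCTTOU and the TOATTOU failure come from the same double copy. The hardened wrapper removes the window rather than shrinking it, which is why the fix is to enforce and audit on the kernel's own copy of the arguments instead of a separate user-space snapshot.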
Affected Products:
- Cerb CerbNG 0.1
- Cerb CerbNG 0.2
- Cerb CerbNG 0.3
- Cerb CerbNG 0.4
References:
- Cerb: Cerb Homepage
- Robert N. M. Watson: Exploiting Concurrency Vulnerabilities in System Call Wrappers (USENIX WOOT 2007)
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.