J-Security Center

Title: Multiple Vendor I/O System Call File Existence Weakness

Severity: MODERATE

Description:

A weakness has been discovered in the implementation of various I/O system calls. The problem occurs due to varying error return times, when accessing existent and non-existent files. This issue has been confirmed to affect the open() system call, however it is likely that other similar calls are also affected.

An attacker could exploit this vulnerability by calling the open() system call on unreadable files. By making requests for various unreadable files, it may be possible for an attacker to deduce a timing window that can be used to verify the existence of the file.

It should be noted that a fix for this weakness might not be plausible, as the kernel is meant to be as efficient as possible. However, the specific problem may occur due to a differing sequence of events while attempting to access non-existent files. A solution may be to have an identical sequence of permission checking on directories, before checking for the file.

It has been reported that this weakness has successfully been exploited on various Linux and BSD releases. However, this weakness likely exists in other operating systems including Sun Solaris and Microsoft Windows.

Affected Products:

  • Astaro Security Linux 2.0.0 16
  • Astaro Security Linux 2.0.0 23
  • CRUX CRUX Linux 1.0.0
  • Caldera OpenLinux 2.3.0
  • Caldera OpenLinux 2.4.0
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Conectiva Linux 4.0.0
  • Conectiva Linux 4.0.0 es
  • Conectiva Linux 4.1.0
  • Conectiva Linux 4.2.0
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux Enterprise Edition 1.0.0
  • Conectiva Linux ecommerce
  • Conectiva Linux graficas
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • EnGarde Secure Linux 1.0.1
  • FreeBSD FreeBSD 4.0.0
  • FreeBSD FreeBSD 4.1.0
  • FreeBSD FreeBSD 4.2.0
  • FreeBSD FreeBSD 4.3.0
  • FreeBSD FreeBSD 4.4.0
  • FreeBSD FreeBSD 4.5.0
  • FreeBSD FreeBSD 4.6.0
  • FreeBSD FreeBSD 4.7.0
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0
  • Immunix Immunix OS 7+
  • Linux kernel 2.2.0
  • Linux kernel 2.2.1
  • Linux kernel 2.2.10
  • Linux kernel 2.2.11
  • Linux kernel 2.2.12
  • Linux kernel 2.2.13
  • Linux kernel 2.2.14
  • Linux kernel 2.2.15
  • Linux kernel 2.2.16
  • Linux kernel 2.2.17
  • Linux kernel 2.2.18
  • Linux kernel 2.2.19
  • Linux kernel 2.2.2
  • Linux kernel 2.2.20
  • Linux kernel 2.2.21
  • Linux kernel 2.2.22
  • Linux kernel 2.2.23
  • Linux kernel 2.2.24
  • Linux kernel 2.2.25
  • Linux kernel 2.2.3
  • Linux kernel 2.2.4
  • Linux kernel 2.2.5
  • Linux kernel 2.2.6
  • Linux kernel 2.2.7
  • Linux kernel 2.2.8
  • Linux kernel 2.2.9
  • Linux kernel 2.4.0
  • Linux kernel 2.4.1
  • Linux kernel 2.4.10
  • Linux kernel 2.4.11
  • Linux kernel 2.4.12
  • Linux kernel 2.4.13
  • Linux kernel 2.4.14
  • Linux kernel 2.4.15
  • Linux kernel 2.4.16
  • Linux kernel 2.4.17
  • Linux kernel 2.4.18
  • Linux kernel 2.4.19
  • Linux kernel 2.4.2
  • Linux kernel 2.4.20
  • Linux kernel 2.4.3
  • Linux kernel 2.4.4
  • Linux kernel 2.4.5
  • Linux kernel 2.4.6
  • Linux kernel 2.4.7
  • Linux kernel 2.4.8
  • Linux kernel 2.4.9
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Linux Mandrake 6.0.0
  • MandrakeSoft Linux Mandrake 6.1.0
  • MandrakeSoft Linux Mandrake 7.0.0
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Multi Network Firewall 2.0.0
  • MandrakeSoft Single Network Firewall 7.2.0
  • RedHat Advanced Workstation for the Itanium Processor 2.1.0
  • RedHat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • RedHat Enterprise Linux AS 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Linux 6.0.0
  • RedHat Linux 6.0.0 alpha
  • RedHat Linux 6.0.0 sparc
  • RedHat Linux 6.1.0 alpha
  • RedHat Linux 6.1.0 i386
  • RedHat Linux 6.1.0 sparc
  • RedHat Linux 6.2.0
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat Linux 7.0.0
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.0.0 sparc
  • RedHat Linux 7.1.0 alpha
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 ia64
  • RedHat Linux 7.2.0
  • RedHat Linux 7.2.0 alpha
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 7.3.0
  • RedHat Linux 8.0.0
  • RedHat Linux 9.0.0 i386
  • S.u.S.E. Linux 6.0.0
  • S.u.S.E. Linux 6.1.0
  • S.u.S.E. Linux 6.1.0 alpha
  • S.u.S.E. Linux 6.3.0
  • S.u.S.E. Linux 6.3.0 alpha
  • S.u.S.E. Linux 6.3.0 ppc
  • S.u.S.E. Linux 6.4.0
  • S.u.S.E. Linux 6.4.0 alpha
  • S.u.S.E. Linux 6.4.0 ppc
  • S.u.S.E. Linux 7.0.0
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Connectivity Server
  • S.u.S.E. Linux Database Server
  • S.u.S.E. Linux Enterprise Server 7
  • S.u.S.E. Linux Enterprise Server 8
  • S.u.S.E. Linux Firewall on CD
  • S.u.S.E. Linux Office Server
  • S.u.S.E. Linux Openexchange Server
  • S.u.S.E. Linux Personal 8.2.0
  • S.u.S.E. SuSE eMail Server 3.1.0
  • S.u.S.E. SuSE eMail Server III
  • SCO eDesktop 2.4.0
  • SCO eServer 2.3.1
  • Slackware Linux -current
  • Slackware Linux 4.0.0
  • Slackware Linux 7.0.0
  • Slackware Linux 7.1.0
  • Slackware Linux 8.0.0
  • Slackware Linux 9.0.0
  • Sun Cobalt Qube 3
  • Sun Cobalt RaQ 4
  • Sun Cobalt RaQ 550
  • Sun Cobalt RaQ XTR
  • Sun Linux 5.0.0
  • Sun Linux 5.0.3
  • Sun Linux 5.0.5
  • Trustix Secure Linux 1.1.0
  • Trustix Secure Linux 1.2.0
  • Trustix Secure Linux 1.5.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • WOLK WOLK 4.4.0 s
  • WireX Immunix OS 6.2.0
  • WireX Immunix OS 7.0.0
  • WireX Immunix OS 7.0.0 -Beta

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.