Title: NetBSD ptrace(2) Vulnerability
Severity: MODERATE
Description:
A vulnerability exists in the vax version of NetBSD, up to and including 1.4.1, and -current branches prior to 1991212. The ptrace() system call is used to trace and debug processes. The debugging process can alter register values, including the PSL (status) register. Under the VAX architecture, information about privilege levels and used stacks are also stored in the PSL register. Those flags are altered via the REI instruction (return from interrupt) or LDPCTX (load process context) instruction, and cannot be modified in 'user' mode. When altering the PSL from a debugging process, however, the program is in a kernel mode, and the debugging process can effectively alter the PSL to increase the privilege of the process.
Affected Products:
- NetBSD NetBSD 1.0.0
- NetBSD NetBSD 1.1.0
- NetBSD NetBSD 1.2.0
- NetBSD NetBSD 1.2.1
- NetBSD NetBSD 1.3.0
- NetBSD NetBSD 1.3.1
- NetBSD NetBSD 1.3.2
- NetBSD NetBSD 1.3.3
- NetBSD NetBSD 1.4.0 x86
- NetBSD NetBSD 1.4.1 x86
References:
- NetBSD: NetBSD Security Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
