中国站

NetBSD跟踪进程(2)漏洞

CNNVD-ID编号 CNNVD-200002-014 CVE编号 CVE-2000-0157
发布时间 2000-02-01 更新时间 2005-05-02
漏洞类型 其他 漏洞来源 This vulnerability was first made public in a NetBSD Security Advisory dated December 12, 1999.
危险等级 高危 威胁类型 本地
厂商 netbsd

漏洞介绍

NetBSD VAX上的跟踪进程存在漏洞。本地用户可以通过修改调试进程中的PSL内容提升特权。

漏洞补丁

Current versions of the NetBSD tree (-current) are not vulnerable. If you are running a kernel built from sources prior to 12/12/99, on VAX hardware, you should upgrade immediately. The following patch can be applied to 1.4.1 kernels: Index: machdep.c =================================================================== RCS file: /cvsroot/syssrc/sys/arch/vax/vax/machdep.c,v retrieving revision 1.76.2.1 diff -c -r1.76.2.1 machdep.c *** machdep.c 1999/04/16 16:26:01 1.76.2.1 - --- machdep.c 1999/12/12 11:08:46 *************** *** 770,776 **** tf->fp = regs->fp; tf->sp = regs->sp; tf->pc = regs->pc; ! tf->psl = regs->psl; return 0; } - --- 770,777 ---- tf->fp = regs->fp; tf->sp = regs->sp; tf->pc = regs->pc; ! tf->psl = (regs->psl|PSL_U|PSL_PREVU) & ! ~(PSL_MBZ|PSL_IS|PSL_IPL1F|PSL_CM); /* Allow compat mode? */ return 0; }

参考网址

受影响实体

信息来源

查询漏洞

    • 漏洞名称
    • CVE编号
    • CNNVD编号
  • 开始时间

  • 结束时间