[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : BSD/OS 2.0/2.0.1 kernel vulnerability

Title: BSD/OS 2.0/2.0.1 kernel vulnerability
Released by: BSDI
Date: 5th March 1996
Printable version: Click here

Security Advisory

Berkeley Software Design, Inc.

Topic:  BSD/OS 2.0/2.0.1 kernel vulnerability

Number: 1996-03-05

Date:   March 5, 1996

Patch:  http://ftp.bsdi.com/bsdi/patches/patches-2.0.1/K201-008


I.   Background    


     A bug was found in an unused portion of the ptrace code in

     BSD/OS 2.0 and 2.0.1 that caused a system vulnerability.  The

     bug is not present in the current release, BSD/OS 2.1.  BSDI

     is not aware of anyone who is actively exploiting this bug.

     All BSDI customers with current support contracts were mailed

     floppies containing the patch for this problem.  Customers

     without current support contracts can and should download the

     patch from the ftp server.

II.  Problem Description

     Permssion checking for an unused operation was incorrect.

III. Impact

     The problem could allow local users to control privileged

     processes, and could thus allow users to acquire unauthorized


     This vulnerability can only be exploited by users with a valid

     account on the local system.

IV. Solution(s)

     Install BSDI patch K201-008 on all BSD/OS 2.0 or 2.0.1 systems,

     or upgrade to BSD/OS 2.1.


Berkeley Software Design, Inc.

5579 Tech Center Drive, Suite 110

Colorado Springs, CO 80919

Web Site:       http://www.bsdi.com/

BSDI Support:   +1 800 ITS BSD8  /  +1 719 536 9346

Support Email:  support@bsdi.com

PGP Key:        http://ftp.bsdi.com/bsdi/info/pgp_key

(C) 1999-2000 All rights reserved.