NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when verified exec allows a malicious user to execute specially crafted binaries. This flaw may lead to a loss of integrity.

Verified exec uses the namei interface. The namei interface is used to convert pathnames to file system vnodes. The namei interface contains a function named NDINIT, which initialises a nameidata structure pointed to by ndp for use by the namei interface. The NDINIT function fails to use UIO_SYSSPACE. As a result, characters are copied from a user address rather than a kernel address.

Specifically, in the verifiedexecioctl() function in sys/dev/verified_exec.c, UIO_USERSPACE should have been UIO_SYSSPACE.

Upgrade to version 2.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015132
• CVE ID: 2005-4779 (see also: NVD)
• Related OSVDB ID: 20726 20727 20728 20729 20730 20731
• Vendor Specific Advisory URL: http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html
• Vendor URL: http://www.netbsd.org/
• Other Advisory URL: http://www.uniras.gov.uk/niscc/docs/br-20051101-00969.html?lang=en

Unknown or Incomplete