OSVDB ID: 22135

Title: Multics on HIS 645 Execute Instruction SDW Access Check Bypass

Info

Disclosure: Unknown
Discovery: Unknown

Dates

Exploit: Unknown
Solution: Unknown

Description

Multics contains a flaw that may allow a local attacker to gain elevated privileges. The issue occurred when a specific sequence of code was used to bypass the access checking on the 645 machine. This occurred when the execute instruction was in certain restricted locations of a segment with at least read-execute (re) permission. The execute instruction then referenced an object instruction in word zero of a second segment with at least R permission. The object instruction indirected through an ITS pointer in the first segment to access a word for reading or writing in a third segment. The third segment was required to be "active", that is, to have an SDW pointing to a valid page table for the segment. If all these conditions were met precisely, the access control fields in the SDW of the third segment were ignored and the object instruction was permitted to complete without access checks.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Multics

Multics on 645

Unknown or Unspecified

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/22135