
NetBSD SVR4 compatibility device creation Vulnerability

The System V Release 4 (SVR4) emulation system under NetBSD requires the creation of a set of device files. The SVR4_MAKEDEV script shipped with the system can automate this task. Among the device files created by this script is an SVR4 /dev/wabi equivalent, placed under /emul/svr4. The device is supposed to be equivalent to the /dev/null special file.

As the script was originally developed under the Sparc port of NetBSD, the device file is created with a major and minor number equivalent to that of the /dev/null device on that platform (3 and 2). On the i386 port, that major and minor number are associated with the IDE disk device (wd(4)). As the device file is created with world read and write permissions, a regular user can read and write to the equivalent of the /dev/rwd0c disk device file.

This vulnerability only affects NetBSD 1.3.3 and prior, and NetBSD-current until 19990420 under the i386 architecture.
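The root cause above is a device node whose hard-coded major and minor numbers no longer mean /dev/null on the host it was created on. The following audit check is an added example, not code from NetBSD or from this advisory: it compares the emulated node against the host's real /dev/null instead of trusting fixed numbers. The path `/emul/svr4/dev/wabi` and the function names are assumptions made for illustration.

```python
import os
import stat

WORLD_RW = stat.S_IROTH | stat.S_IWOTH


def check_null_alias(mode, dev, null_dev):
    """Return findings for a node that is meant to alias /dev/null.

    mode is the node's st_mode; dev and null_dev are (major, minor)
    tuples for the node and for the host's real /dev/null.
    """
    if not stat.S_ISCHR(mode):
        return ["not a character device"]
    findings = []
    if dev != null_dev:
        # Same numbers can name a different driver on another port,
        # so compare against this host's /dev/null, not a constant.
        findings.append("device %d,%d does not match /dev/null %d,%d"
                        % (dev + null_dev))
        if mode & WORLD_RW:
            findings.append("mode %04o gives every user access to that device"
                            % stat.S_IMODE(mode))
    return findings


def audit(path="/emul/svr4/dev/wabi", null_path="/dev/null"):
    # Default node path is an assumption based on the advisory's
    # description of a /dev/wabi equivalent under /emul/svr4.
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return []  # emulation device files were never created
    null = os.stat(null_path)
    return check_null_alias(
        st.st_mode,
        (os.major(st.st_rdev), os.minor(st.st_rdev)),
        (os.major(null.st_rdev), os.minor(null.st_rdev)))


if __name__ == "__main__":
    for finding in audit():
        print("/emul/svr4/dev/wabi:", finding)
```

An empty result means the node is either absent or a true alias of the host's /dev/null; any finding means the node should be removed and recreated with the correct numbers for that port.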







 

Copyright 2009, SecurityFocus