ManTrap Local Denial of Service Vulnerability

ManTrap is a "honeypot" intrusion detection system designed to lure attackers into it for analysis. The honeypot is implemented as a chroot'ed Solaris environment, designed to look and feel real to an attacker who gains access to it. In order to hide files/processes, kernel modules that filter data from the kernel are used. It is possible to exploit a failure to handle exceptional conditions condition that exists in these modules and temporarily lock up the system locally. This is accomplished by performing various directory listing/traversal functions in /proc. eg.

# cd /proc && cd self && cd cwd
# pwd <causes error response>
# cd ../../../../../
# cd proc
# cd self <should receive error response>
# ls, pwd, etc, <BOOM!>

Further technical details are not yet known.


 

Privacy Statement
Copyright 2010, SecurityFocus