• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NetBSD Super-H Port sigreturn() Input Validation Vulnerability

Ports of NetBSD for the Hitachi SuperH architecture contain a vulnerability in their implementation of sigreturn().

Sigreturn() is a system call that is used to resume process execution when the signal handler is finished executing.

This vulnerability could allow for a user-process to resume execution in privileged execution mode after a signal handler has returned.

Exploitation of this vulnerability could lead to a root compromise.

Note: A very similar bug exists in the kernel function 'process_write_regs()'. This function is used internally by the ptrace()/procfs implementations, though it may be passed data that is originally user-supplied. If this is the case, then this vulnerability may be exploitable in the same manner as the sigreturn() vulnerability.