FreeBSD procfs Access Control Vulnerability

procfs is part of the FreeBSD Operating System, maintained by the FreeBSD Project. A problem exists which could allow a user to gain elevated privileges.

The problem occurs in the handling of access control in the /proc/<pid>/mem and /proc/<pid>/ctl files. These files provide access to process address space, making it possible to alter the operations of running processes. Abusing the weakness in /proc/<pid>/mem, one could fork() a process from a running process and use it to execute a setuid program. After the execution of the program, the user forking the process still retains read/write access to the memory space, and could use this for the execution of arbitrary code or commands. Therefore, it is possible for a user with malicious intent to abuse this weakness to gain elevated privileges, and potentially administrative privileges.


Privacy Statement
Copyright 2010, SecurityFocus