FreeBSD inetd wheel Group File Read Vulnerability

inetd is the superserver of internet services, included with most implementations of the UNIX Operating System. FreeBSD is a freely available, open source implementation of UNIX.

A problem in the implementation of inetd as distributed with FreeBSD could allow access to restricted resources. Due to the design of the inetd package, inetd incorrectly sets group privileges on child processes, depending on the user. When an ident request is received, the identd process is started by inetd, inheriting group privileges of wheel, the root group. Upon generating a custom crafted request to the identd process, it is possible to manipulate the process into reading the first 16 bytes of any wheel readable file.

This flaw makes it possible for a user with malicious motives to read the first 16 bytes of sensitive files, potentially accessing the first entry of the encrypted password file, and gaining access to or elevated privileges on the local host.


Privacy Statement
Copyright 2010, SecurityFocus