NetBSD Super-H Port sigreturn() Input Validation Vulnerability

Ports of NetBSD for the Hitachi SuperH architecture contain a vulnerability in their implementation of sigreturn().

Sigreturn() is a system call that is used to resume process execution when the signal handler is finished executing.

This vulnerability could allow for a user-process to resume execution in privileged execution mode after a signal handler has returned.

Exploitation of this vulnerability could lead to a root compromise.

Note: A very similar bug exists in the kernel function 'process_write_regs()'. This function is used internally by the ptrace()/procfs implementations, though it may be passed data that is originally user-supplied. If this is the case, then this vulnerability may be exploitable in the same manner as the sigreturn() vulnerability.


Privacy Statement
Copyright 2010, SecurityFocus