BSD exec C Library Standard I/O File Descriptor Closure Vulnerability

It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are valid open files before exec()ing setuid images. Consequently, I/O that are opened by a setuid process may be assigned file descriptors equivelent to those used by the C library as 'standard input','standard output', and 'standard error'.

This may result in untrusted, attacker supplied data being written to sensitive I/O channels. Local root compromise has been confirmed as a possible consequence.


Privacy Statement
Copyright 2010, SecurityFocus