Potential security vulnerability in FreeBSD file system (FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc)

  [JSA10306]


Legacy Advisory Id:
PSN-2003-01-064
Product Affected:
JUNOS Internet Software Releases 5.3R1 through 5.3R3, 5.4R1 through 5.4R3, 5.5R1, 5.5R2, and 5.6R1
Problem:
A programming error in the FreeBSD fpathconf(2) system call can cause a file descriptor's reference count to be erroneously incremented. A local attacker could write and execute a program that could cause the operating system to crash or could allow the attacker to gain additional privileges.

This problem is described in more detail at:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc

The problem is also documented as PR/30971.
Solution:
The affected file system calls have been updated so that they increment file descriptor reference counts correctly.
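
The reference-count miscount described under Problem, and the balanced accounting described under Solution, shown as an added example on a simplified model. This is not FreeBSD or JUNOS source: the struct, the function names, and the early-return shape of the bug are assumptions made for illustration, since the advisory does not reproduce the affected code.

```c
#include <stdio.h>

/* Simplified model of a kernel file object: constructed for illustration,
 * not FreeBSD or JUNOS source. */
struct file_obj {
    int refcount;   /* number of holders; object is released at 0 */
    int is_vnode;   /* 1 if the descriptor is backed by a file system object */
};

static void hold(struct file_obj *fp) { fp->refcount++; }
static void drop(struct file_obj *fp) { fp->refcount--; }

/* Assumed buggy shape: the early return skips the matching drop(), so each
 * call on this path leaves one extra reference behind. */
int query_buggy(struct file_obj *fp)
{
    hold(fp);
    if (!fp->is_vnode)
        return -1;          /* reference taken above is never released */
    drop(fp);
    return 0;
}

/* Corrected shape: one exit path releases the reference on every return. */
int query_fixed(struct file_obj *fp)
{
    int error = 0;
    hold(fp);
    if (!fp->is_vnode)
        error = -1;
    drop(fp);
    return error;
}

/* Invariant check: drift of the count after `calls` queries (0 = balanced). */
int refcount_drift(int (*query)(struct file_obj *), int is_vnode, int calls)
{
    struct file_obj f = { 1, is_vnode };
    for (int i = 0; i < calls; i++)
        (void)query(&f);
    return f.refcount - 1;
}

int main(void)
{
    printf("buggy drift: %d\n", refcount_drift(query_buggy, 0, 1000));
    printf("fixed drift: %d\n", refcount_drift(query_fixed, 0, 1000));
    return 0;
}
```

A nonzero drift means the object's lifetime no longer matches its real set of holders, which is the condition the updated calls remove.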
Implementation:
Customers should install an updated release of JUNOS software. All releases of JUNOS software built on or after January 8, 2003, contain the fix. There are no workarounds for this issue.
Severity Level:
Low
Severity Assessment:
The probability of this problem occurring is low. For it to occur, the attacker must have access to the router and be able to load and execute programs on it. Users with this level of access also have other methods of compromising the router.