Date: Tue, 9 Feb 1999 17:15:23 +1100From: matthew green To: BUGTRAQ@netspace.orgSubject: NetBSD Security Advisory 1999-002 -----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 1999-002 ================================= Topic: Security problem with netstat Version: NetBSD-current from 19980603 to 19990208. Severity: Local users are able to read any kernel memory location.Abstract======== In the version of netstat between the two dates above, a security hole exists which will allow non-root users to examine any kernel memorylocation. Technical Details================= The code which was added to allow printing of kernel protocol control blocks does not have strict checks to make certain the memory being display is a protocol control block. Also, since the block contains information like TCP sequence numbers, users should generally not be allowed to examine these blocks.Solutions and Workarounds ========================= NetBSD-current users should update to a source tree newer than 19990208, or apply this patch and rebuild netstat: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/19990208-netstat If this action cannot be taken easily, netstat can be disabled for non-root users. chmod 555 /usr/bin/netstatThanks To========= Thanks go to Michael Graff and Charles Hannum for the discovery and resolution of this bug.More Information ================Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 1999, The NetBSD Foundation, Inc. All Rights Reserved. $NetBSD: NetBSD-SA1999-002.txt,v 1.2 1999/02/09 01:27:27 mrg Exp $