Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Systrace | Niels_provos | * | 1.6e (including) |
| Systrace | Niels_provos | 1.1 (including) | 1.1 (including) |
| Systrace | Niels_provos | 1.2 (including) | 1.2 (including) |
| Systrace | Niels_provos | 1.3 (including) | 1.3 (including) |
| Systrace | Niels_provos | 1.4 (including) | 1.4 (including) |
| Systrace | Niels_provos | 1.5 (including) | 1.5 (including) |
| Systrace | Niels_provos | 1.6 (including) | 1.6 (including) |
| Systrace | Niels_provos | 1.6a (including) | 1.6a (including) |
| Systrace | Niels_provos | 1.6b (including) | 1.6b (including) |
| Systrace | Niels_provos | 1.6c (including) | 1.6c (including) |
| Systrace | Niels_provos | 1.6d (including) | 1.6d (including) |
References
- http://scary.beasts.org/security/CESA-2009-001.html
- http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
- http://www.citi.umich.edu/u/provos/systrace/
- http://www.securityfocus.com/archive/1/500377/100/0/threaded
- http://www.securityfocus.com/bid/33417
- http://scary.beasts.org/security/CESA-2009-001.html
- http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html
- http://www.citi.umich.edu/u/provos/systrace/
- http://www.securityfocus.com/archive/1/500377/100/0/threaded
- http://www.securityfocus.com/bid/33417