CNNVD-ID编号 | CNNVD-200002-014 |
CVE编号 | CVE-2000-0157 |
发布时间 | 2000-02-01 |
更新时间 | 2005-05-02 |
漏洞类型 | 其他 |
漏洞来源 | This vulnerability was first made public in a NetBSD Security Advisory dated December 12, 1999. |
危险等级 | 高危 |
威胁类型 | 本地 |
厂 商 | netbsd |
NetBSD VAX上的跟踪进程存在漏洞。本地用户可以通过修改调试进程中的PSL内容提升特权。
Current versions of the NetBSD tree (-current) are not vulnerable. If you are running a kernel built from sources prior to 12/12/99, on VAX hardware, you should upgrade immediately. The following patch can be applied to 1.4.1 kernels: Index: machdep.c =================================================================== RCS file: /cvsroot/syssrc/sys/arch/vax/vax/machdep.c,v retrieving revision 1.76.2.1 diff -c -r1.76.2.1 machdep.c *** machdep.c 1999/04/16 16:26:01 1.76.2.1 - --- machdep.c 1999/12/12 11:08:46 *************** *** 770,776 **** tf->fp = regs->fp; tf->sp = regs->sp; tf->pc = regs->pc; ! tf->psl = regs->psl; return 0; } - --- 770,777 ---- tf->fp = regs->fp; tf->sp = regs->sp; tf->pc = regs->pc; ! tf->psl = (regs->psl|PSL_U|PSL_PREVU) & ! ~(PSL_MBZ|PSL_IS|PSL_IPL1F|PSL_CM); /* Allow compat mode? */ return 0; }
来源: BID
名称: 992