Multiple vendor I/O system call file existence vulnerability

by Mario Miri on April 9th, 2003

An issue exists in the I/O system calls of multiple vendors. By measuring the time taken to access existent and non-existent files, an attacker could learn whether a given file exists.


Vulnerable:
FreeBSD 4.0
FreeBSD 4.1
FreeBSD 4.2
FreeBSD 4.3
FreeBSD 4.4
FreeBSD 4.5
FreeBSD 4.6
FreeBSD 4.7
Linux kernel 2.2
Linux kernel 2.2.1
Linux kernel 2.2.2
Linux kernel 2.2.3
Linux kernel 2.2.4
Linux kernel 2.2.5
Linux kernel 2.2.6
Linux kernel 2.2.7
Linux kernel 2.2.8
Linux kernel 2.2.9
Linux kernel 2.2.10
Linux kernel 2.2.11
Linux kernel 2.2.12
Linux kernel 2.2.13
Linux kernel 2.2.14
Linux kernel 2.2.15
Linux kernel 2.2.16
Linux kernel 2.2.17
Linux kernel 2.2.18
Linux kernel 2.2.19
Linux kernel 2.2.20
Linux kernel 2.2.21
Linux kernel 2.2.22
Linux kernel 2.2.23
Linux kernel 2.2.24
Linux kernel 2.2.25
Linux kernel 2.4
Linux kernel 2.4.1
Linux kernel 2.4.2
Linux kernel 2.4.3
Linux kernel 2.4.4
Linux kernel 2.4.5
Linux kernel 2.4.6
Linux kernel 2.4.7
Linux kernel 2.4.8
Linux kernel 2.4.9
Linux kernel 2.4.10
Linux kernel 2.4.11
Linux kernel 2.4.12
Linux kernel 2.4.13
Linux kernel 2.4.14
Linux kernel 2.4.15
Linux kernel 2.4.16
Linux kernel 2.4.17
Linux kernel 2.4.18
Linux kernel 2.4.19
Linux kernel 2.4.20


Exploit / Proof of concept:
http://download.xatrix.org/prf/filetest.txt


Solution:
Currently there are no vendor supplied patches.


Discovered by:
Andrew Griffiths, [email protected]

