Hosting Provided By

OpenBSD 3.3: improper kernel bounds check

From: Todd C. Miller <Todd.Miller(at)courtesan.com>
Date: Wed Aug 20 2003 - 16:29:04 EDT

An improper bounds check in the semget(2) system call can allow a local user to cause a kernel panic. No privilege escalation is possible, the attack simply runs the kernel out of memory. The bug was introduced in OpenBSD 3.3, previous versions of OpenBSD are unaffected.

The bug has been fixed in OpenBSD-current as well as the 3.3 stable branch. In addition, a patch is available for OpenBSD 3.3:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch

Credit goes to blexim for finding and reporting the problem. Received on Wed Aug 20 17:07:43 2003

This message: [ Message body ]
Next message: Brad: "Sendmail bug wrt DNS maps"
Previous message: Todd C. Miller: "off-by-one error in realpath(3)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:46:07 EDT