OpenBSD Kernel Input Validation Flaw in vga() Lets Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1017468 |
|
SecurityTracker URL: http://securitytracker.com/id/1017468
|
|
CVE Reference:
CVE-2007-0085
(Links to External Site)
|
Updated: May 20 2008
|
Original Entry Date: Jan 4 2007
|
Impact:
Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.9, 4.0
|
Description:
A vulnerability was reported in OpenBSD Kernel. A local user can obtain root privileges on the target system.
If the kernel is compiled with the PCIAGP option but the actual device is not an AGP device, then a local user can exploit an input validation flaw in vga(4) to obtain root privileges.
Only i386-based systems are affected.
Ilja van Sprundel discovered this vulnerability.
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
OpenBSD has issued a fix, available at:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/i386/007_agp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/i386/017_agp.patch
|
Vendor URL: www.openbsd.org/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 3 Jan 2007 23:23:25 -0500
Subject: OpenBSD Kernel
|
SECURITY FIX: January 3, 2007 i386 only
Insufficient validation in vga(4) may allow an attacker to gain root privileges if the
kernel is compiled with option PCIAGP and the actual device is not an AGP device. The
PCIAGP option is present by default on i386 kernels only.
A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/i386/007_agp.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/i386/017_agp.patch
|
|
