SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   OpenBSD Kernel Vendors:   OpenBSD
OpenBSD Kernel Buffer Overflow in select(2) System Call Lets Local Users Execute Arbitrary Code With Kernel-Level Privileges
SecurityTracker Alert ID:  1005017
SecurityTracker URL:  http://securitytracker.com/id/1005017
CVE Reference:   CVE-2002-1420   (Links to External Site)
Updated:  Aug 7 2004
Original Entry Date:  Aug 11 2002
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0, 3.1
Description:   A buffer overflow vulnerability was reported in the OpenBSD kernel in the select() synchronous input/output multiplexing system call. A local user can obtain root privileges.

OpenBSD reported that an insufficient boundary check in the select(2) system call allows a local user to overwrite kernel memory and execute arbitrary code in kernel context. The size parameter is reportedly evaluated as a signed integer but later, the kernel copies the user-supplied data using an unsigned integer to represent the size.

Impact:   A local user can obtain root privileges on the system.
Solution:   OpenBSD has issued a source code patch to fix the problem.

For OpenBSD 3.1:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/014_scarg.patch

For OpenBSD 3.0:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/031_scarg.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   Boundary error

Message History:   None.


 Source Message Contents

Subject:  OpenBSD select() and Poll() flaws


OpenBSD reported a vulnerability in the select() and poll() synchronous
I/O multiplexing utilities.

SECURITY FIX: August 11, 2002

An insufficient boundary check in the select(2) and poll(2) system calls
allows an attacker to overwrite kernel memory and execute arbitrary code
in kernel context.

A source code patch exists which remedies the problem. 

For OpenBSD 3.1:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/014_scarg.patch

For OpenBSD 3.0:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/031_scarg.patch


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC