SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   OpenBSD Kernel Vendors:   OpenBSD
OpenBSD semget() Boundary Overflow Bug Lets Local Users Crash the System
SecurityTracker Alert ID:  1007543
SecurityTracker URL:  http://securitytracker.com/id/1007543
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 20 2003
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OpenBSD 3.3
Description:   A vulnerability was reported in the OpenBSD operating system in the semget(2) system call. A local user can trigger a kernel panic.

It is reported that the semget(2) system call does not properly validate the bounds of user-supplied input. A local user can make a specially crafted call to cause the function to consume all available kernel memory, resulting in a kernel panic.

The vendor reports that the vulnerable code was introduced into OpenBSD version 3.3. Previous versions are not affected, the report said.

The vendor credits blexim for discovering and reporting the flaw.

Impact:   A local user can cause a kernel panic.
Solution:   The vendor has issue a fixed in the OpenBSD-current and 3.3 stable branches. A patch is also available for OpenBSD 3.3:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   Boundary error, Resource error

Message History:   None.


 Source Message Contents

Subject:  OpenBSD 3.3: improper kernel bounds check


An improper bounds check in the semget(2) system call can allow a
local user to cause a kernel panic.  No privilege escalation is
possible, the attack simply runs the kernel out of memory.  The bug
was introduced in OpenBSD 3.3, previous versions of OpenBSD are
unaffected.

The bug has been fixed in OpenBSD-current as well as the 3.3 stable
branch.  In addition, a patch is available for OpenBSD 3.3:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/002_semget.patch

Credit goes to blexim for finding and reporting the problem.



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC