SecurityTracker.com
Category:   OS (UNIX)  >   OpenBSD Kernel
Vendors:   OpenBSD
OpenBSD semctl() and semop() Bugs Let Local Users Crash the System
SecurityTracker Alert ID:  1008271
SecurityTracker URL:  http://securitytracker.com/id/1008271
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 21 2003
Impact:   Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): OpenBSD 3.3, 3.4
Description:   A buffer overflow vulnerability was reported in the OpenBSD semctl() and semop() functions. A local user can cause the kernel to crash.

It is reported that a local user can supply specially crafted arguments to the semctl(2) or semop(2) system calls to cause the system to crash. The flaw is reportedly due to improper bounds checking in 'sysv_sem.c'.

Impact:   A local user can cause the system to crash.
Solution:   OpenBSD has issued the following fixes:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/008_sem.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch

Vendor URL:  www.openbsd.org/
Cause:   Boundary error

Message History:   None.


 Source Message Contents

Subject:  OpenBSD bugs


 > 008: RELIABILITY FIX: November 20, 2003
 > An improper bounds check makes it possible for a local user to cause a crash by
 > passing the semctl(2) and semop(2) functions certain arguments.
 > A source code patch exists which remedies the problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/008_sem.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch

 > 007: RELIABILITY FIX: November 20, 2003
 > It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
 > A source code patch exists which remedies the problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/007_uvm.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch



 
 



Copyright 2021, SecurityGlobal.net LLC